JP4296454B2 - Recording / reproducing system, recording / reproducing apparatus, reproducing apparatus, data storage apparatus - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a recording / playback system, a recording / playback device, a playback device, and a data storage device, and is suitable for application to an information transmission system in which a content owner or seller can safely deliver content to content users. .
[0002]
[Prior art]
Conventionally, this is a system in which information (content) such as music is encrypted and transmitted to an information processing apparatus of a user who has signed a predetermined contract, and the user decrypts the content with the information processing apparatus and uses it.
[0003]
For example, as shown in FIG. 94, a case where two content transmitting devices and one content receiving device are provided will be described.
[0004]
The first content transmission apparatus 300 includes a data encryption unit 301, a data encryption unit 302, a content key generation unit 303, and a tamper resistant memory (Tamper Resistant Memory) 304. It should be noted that the tamper resistant memory referred to here may be any memory that can not be easily read by a third party, and is not particularly limited in terms of hardware (for example, a hard disk in a room where entry is controlled) Or a password-managed computer hard disk). The tamper-resistant memory 304 has a content key (Content Key) K_coDistribution Key K required to encrypt_dAre supplied and stored in advance from an electronic distribution service center (not shown).
[0005]
The content transmission device 300 uses the content key generation unit 303 to generate data to be passed to the content reception device 320, so that the content key K_co1And the data encryption unit 301 encrypts the content using this key. The content key K_co1Is the delivery key K in the data encryption unit 302_dIt is encrypted using These encrypted content and content key K_co1Is transmitted to the content receiving device 320.
[0006]
Incidentally, the second content transmission apparatus 310 includes a data encryption unit 311, a data encryption unit 312, a content key generation unit 313, and a tamper resistant memory 314, similar to the content transmission apparatus 300, and the content key generation unit 313. Content key K_co2And the data encryption unit 311 encrypts the content using this key. The data encryption unit 312 also has a delivery key K supplied from an electronic distribution service center (not shown)._dContent key K using_co2Is encrypted. In this way, the second content transmission apparatus 310 is configured to use the encrypted content and the encrypted content key K._co2Is transmitted by the content receiving device 320.
[0007]
The content receiving device 320 includes a transmission / reception unit 321, a host controller 322, an encryption processing unit 323, a memory 324, a data decryption unit 325, a data decryption unit 326, and a tamper resistant memory 327. In addition, since there are an indefinite number of content users and it is impossible to grasp how the content users handle the device, the tamper-resistant memory mentioned here needs to protect internal data in hardware, Therefore, the cryptographic processing unit 323 is a semiconductor chip having a structure that is difficult to access from the outside, and has a multilayer structure. The tamper-resistant memory inside is sandwiched between dummy layers such as an aluminum layer, and the operating voltage and / or It has a characteristic that it is difficult to read data illegally from the outside, such as a narrow frequency range. In the tamper resistant memory 327, a delivery key K supplied in advance from an electronic delivery service center (not shown)._dIs saved.
[0008]
Incidentally, the tamper-resistant memories 304 and 314 of the content transmission devices 300 and 310 are accessible from the outside, but there are restrictions on the access method. It may be a password or entrance management. On the other hand, the tamper resistant memory 327 of the content receiving device 320 has a structure in which the memory itself is not illegally accessed from the outside, and the method of reading internal data from the outside by a regular access means is limited or not at all. The tamper resistant memory 327 cannot read the internal data from the outside at all, but there may be an access method that can only change the data from the outside by using the previous key data or the like. In the encryption processing unit 323, the memory can be accessed and predetermined data can be read, but the internal memory cannot be read from the outside.
[0009]
Content transmitted from content sender 300 or 310 and content key K_co1And K_co2Is received by the transmission / reception unit 321 and delivered to the host controller 322. The host controller 322 once stores these data in the memory 324 and uses the content key K when using the content._coThe content is delivered to the encryption processing unit 323. The encryption processing unit 323 that has received the data is the delivery key K stored in the tamper resistant memory 327 in advance by the data decryption unit 325._dIs decrypted by using the data decryption unit 326 and the content decryption unit 326 continues to decrypt the content._coIs decrypted and the content is used. At this time, there is a case where a charging process is accompanied.
[0010]
[Problems to be solved by the invention]
Incidentally, in such an information providing system, there is a case where a recording / reproducing apparatus 330 shown in FIG. 95 is provided. For example, a recording medium 340 made of MD (Mini Disk: trademark) is detachably provided in the recording / reproducing apparatus 330. It has been.
[0011]
The recording / reproducing apparatus 330 includes a transmission / reception unit 331, a control unit 332, an encryption processing unit 333, an expansion unit 334, and an external memory control unit 335. Incidentally, the encryption processing unit 333 is supplied in advance from an electronic distribution service center (not shown), and the content key K_coKey K that decrypts_dAnd a storage key K unique to the encryption processing unit 333_saveIs held.
[0012]
The recording / reproducing device 330 is configured to use the encrypted content and content key K transmitted from the first or second content transmitting device 300 or 310._coIs received by the transmission / reception unit 331, and the received encrypted content and content key K are received._coIs sent to the control unit 332. The control unit 332 holds the encrypted content in the recording medium 340 via the external memory control unit 335, and the encrypted content key K_coIs sent to the encryption processing unit 333.
[0013]
As a result, the cryptographic processing unit 333 causes the delivery key K_dEncrypted content key K_coAnd continues to the content key K_coSave key K_saveAnd using the stored key K_saveContent key K encrypted with_coIs sent to the control unit 332. Thus, the control unit 332 stores the stored key K_saveContent key K encrypted with_coAre stored in the recording medium 340 via the external memory control unit 335.
[0014]
When the recording / playback apparatus 330 uses content, the control unit 322 receives the encrypted content and content key K from the recording medium 340._coAnd sends the encrypted content to the decompression unit 334 and the encrypted content key K_coIs sent to the encryption processing unit 333. As a result, the encryption processing unit 333 causes the encrypted content key K_coSave key K_saveContent key K obtained by decrypting with_coThe extension unit 334 is sent out. Thus, the decompression unit 334 has the content key K_coCan be used to decrypt the encrypted content and use the content.
[0015]
However, in the recording / reproducing apparatus 330, the content key K recorded on the recording medium 340 is stored._coIs stored key K unique to encryption processing unit 333_saveAnd the stored key K_saveIs stored in the encryption processing unit 333, for example, even if the recording medium 330 is loaded into another recording / reproducing apparatus other than the recording / reproducing apparatus 330 used for recording the content, Key K_coStorage key K used for recording_saveThe content recorded on the recording medium 340 cannot be reproduced because the content is not held.
[0016]
Therefore, although the recording medium 340 is provided detachably with respect to the recording / reproducing apparatus 330, there is a problem that its versatility is extremely low.
[0017]
The present invention has been made in consideration of the above points, and intends to propose a recording / reproducing system, a recording / reproducing apparatus, a reproducing apparatus, and a data storage apparatus that can remarkably improve the versatility of the data storage apparatus. is there.
[0018]
[Means for Solving the Problems]
  In order to solve such a problem, in the present invention, the information is transmitted from the information transmitting apparatus.TakoContent data is recorded by a recording / playback device.For the recording / reproducing deviceDetachableAttached toIn a recording / reproducing system for recording / reproducing data in a data storage device, content data is transmitted to an information transmitting device.TheThe content encryption means for encrypting with the content key and the transmission means for transmitting the content key and the content data encrypted with the content key are provided.A recording / playback side authentication means for mutual authentication with the data storage device and sharing a temporary key with the data storage device;Receiving means for receiving the content key transmitted from the information transmitting device and the content data encrypted with the content key;The recording / playback side key encryption means for encrypting the content key received together with the content data encrypted with the content key by the receiving means with the temporary key shared with the data storage device, and the data storage device during the recording process ,Content data encrypted with content keyAnd the content key encrypted with the temporary key by the recording / playback side key encryption means.Send outThe content key encrypted with the temporary key is decrypted with the temporary key, then encrypted with the storage key unique to the data storage device, and the content key encrypted with the storage key is encrypted with the content key To be written to the recording medium along with the content dataOrDuring playback processing,Data storage deviceIn contrast, it was encrypted with the storage key from the recording medium.Content key and content data encrypted with the content keyThe content key that has been read and encrypted with the storage key is decrypted with the storage key and then encrypted with the temporary key, and the content key encrypted with the temporary key is transferred to the content key Import with content data encrypted with keyRecording / playback control means andA recording / playback side key decryption unit for decrypting the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the recording / playback control unit, with the temporary key shared with the data storage device;In the data storage device,RecordRecording media and, KeepA stored key holding means for holding an existing key;A data storage side authentication means for mutual authentication with the recording / reproducing apparatus and sharing the temporary key with the recording / reproducing apparatus, and a temporary key given together with the content data encrypted by the content key from the recording / reproducing apparatus during the recording process The data storage side key decryption means for decrypting the encrypted content key with the temporary key shared with the recording / playback device, and the data storage side key decryption means decrypted with the temporary key during the recording process.Encrypt the content key with the storage keyData storage sideKey encryption means;During the recording process, the data storage side key encryption meansContent key encrypted with storage keyTheContent data encrypted with the content keyWithOn recording mediawritingOrDuring playback processing,A content key encrypted with a storage key and content data encrypted with the content key from a recording mediumRead / write readmeansAndTo provideThe data storage side key decryption means of the data storage device receives the content key encrypted with the storage key read together with the content data encrypted with the content key from the recording medium by the writing / reading means during the reproduction process. The data storage side key encryption unit of the data storage device decrypts the content key decrypted with the storage key by the data storage side key decryption unit with the temporary key shared with the recording / reproduction device during the reproduction process. Turn intoI did it.
[0019]
  Accordingly, the content data can be reproduced from the data storage device by another recording / reproduction device other than the recording / reproduction device that recorded the content data in the data storage device, because the storage key does not need to be stored on the recording / reproduction device side.At the same time, since the content data is transmitted and received together with the content key encrypted with the temporary key after mutual authentication between the recording / reproducing device and the data storage device, the content data is taken together with the content key at the time of the transmission and reception. Can also be avoided.
[0020]
  In the present invention,,RecordRemovable data storage device with recording mediaFittedIn the recording / reproducing apparatus,Authentication means for mutual authentication with a data storage device and sharing a temporary key with the data storage device, and a content key for encrypting a content key used for encrypting content data with a temporary key shared with the data storage device For the encryption means and the data storage device during the recording process,Encrypt with content keyWasContent data,Encrypted with temporary key by content key encryption meansContent key andSendbrothAfter decrypting the content key encrypted with the temporary key using the temporary keyData storage device specific storage keysoencryptionLet me, Encrypt with the storage keyLetContent keyTheEncrypt with the content keyWasContent dataWithOn recording mediaControl to write, and during the playback process, to the data storage device,Encrypt with storage key from recording mediumWasEncrypted with the content key and the content keyWasContent dataLet me readEncrypt with stored keyWasSave the content keysoDecryptionControl to encrypt with the temporary key and then encrypt with the temporary keyContent keyTheEncrypt with content keyWasContent dataCapture withRecording / playback control meansAnd content key decryption that decrypts the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the recording / playback control means with the temporary key shared with the data storage device during the playback process Means andIt was made to provide.
[0021]
  Accordingly, the content data can be reproduced from the data storage device in which the content data is recorded in another recording / reproducing device, because the storage key does not need to be retained.At the same time, since the content data is transmitted and received together with the content key encrypted with the temporary key after mutual authentication with the data storage device, the content data is taken together with the content key and used illegally. Can also avoid.
[0022]
  Furthermore, in the present invention,RecordRemovable data storage device with recording mediaFittedIn the playback device,Authentication means for mutual authentication with the data storage device and sharing the temporary key with the data storage device, and the data storage device,Content data encrypted with content key and data storage device specificMaintenanceThe content key encrypted with the existing keyThe content key encrypted with the storage key and the content data encrypted with the content key are read from the recording medium on which theThe content key encrypted with the storage keysoDecryptionControl to encrypt with the temporary key and then encrypt with the temporary keyContent keyTheContent data encrypted with content keyCapture withReproduction control meansAnd a content key decrypting unit for decrypting the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the reproduction control unit with the temporary key shared with the data storage device;It was made to provide.
[0023]
  Therefore, the content data can be reproduced from the data storage device in any of the reproducing devices because there is no need to hold the storage key.At the same time, since the content data is transmitted and received together with the content key encrypted with the temporary key after mutual authentication with the data storage device, the content data is taken together with the content key and used illegally. Can also avoid.
[0024]
  Furthermore, in the present invention, it can be detachably attached to a recording and / or reproducing apparatus.FittedUnder the control of the recording and / or playback devicecontentIn a data storage device for recording and / or reproducing data,RecordRecording media,Data storage device specificStorage key storage means for storing the storage key ofAuthentication means for mutual authentication with the recording and / or reproducing apparatus and sharing a temporary key with the recording and / or reproducing apparatus;With recording and / or playback devicecommunicationCommunication means toWhen the content data encrypted with the content key transmitted from the recording and playback device and the content key encrypted with the temporary key are received during the recording process, the encrypted data is encrypted with the temporary key received by the communication means. Content key decrypting means for decrypting the recorded content key with a temporary key shared with the recording and / or reproducing device, and decrypting with the temporary key by the content key decrypting means during the recording processA content key encryption means for encrypting the content key with a storage key;During the recording process, the content key encryption meansContent key encrypted with storage keyTheContent data encrypted with the content keyWithOn recording mediawritingOrDuring playback processing,A content key encrypted with a storage key and content data encrypted with the content key from a recording mediumRead / write readmeansAndTo provideThe content key decrypting means decrypts the content key encrypted with the storage key read together with the content data encrypted with the content key from the recording medium by the writing / reading means during the reproduction process, The content key encryption means encrypts the content key decrypted with the storage key by the data storage side key decryption means with the temporary key shared with the recording and reproduction device during the reproduction process, and the communication means performs the reproduction process with The content key encrypted with the temporary key by the content key encryption means is transmitted to the recording and / or reproducing apparatus together with the content data encrypted with the content key.I did it.
[0025]
  Therefore, records andOrContent data can be recorded and / or played even if the playback device does not have a storage keyAt the same time, content data is sent and received together with the content key encrypted with the temporary key after mutual authentication with the recording and / or playback device. Can also be avoided.
[0026]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.
[0027]
(1) Information distribution system
FIG. 1 is a diagram for explaining an EMD (Electronic Music Distribution) system 10 to which the present invention is applied. Content (Content) distributed to the user in this system is digital data whose information itself has value. In this example, one content corresponds to music data for one song. One content is provided to the user as one unit (single) or a plurality of contents as one unit (album). The user purchases the content (actually the content key K_coTo use the provided content (actually the content key K_coTo decrypt and use the content). Of course, the present invention can be applied not only to music data but also to all sales of contents such as videos and game programs.
[0028]
The electronic distribution service center (END Service Center) 1 assigns an individual key K to a content provider (Content Provider) 2._i, The public key certificate of the content provider 2 is transmitted, the public key certificate of the service provider 3 is transmitted to the service provider 3, and the delivery key K is transmitted to the user home network 5._dOr registration information is transmitted from the user home network 5 and billing information or the like corresponding to the use of the content or registration information is received, and the usage fee is settled based on the billing information. Profit distribution processing is performed to the service center 1 itself.
[0029]
The content provider 2 has digitized content, inserts a digital watermark (Watermark) into the content to prove that it is its content, compresses and encrypts the content, Is generated, and the signature data is added and transmitted to the service provider 3.
[0030]
The service provider 3 adds price information to the content supplied from the content provider 2 via the network 4 configured by a dedicated cable network, the Internet, or satellite communication, and adds signature data to the user home. Send to network 5.
[0031]
The user home network 5 obtains the content sent with the price information from the service provider 3, purchases the content usage right, and executes the purchase process. The purchased usage right is, for example, a reproduction usage right or a right to copy. The billing information generated by the purchase process is stored in a tamper-resistant memory in the encryption processing unit of the device held by the user, and the user home network 5 receives the delivery key K._dIs transmitted from the electronic distribution service center 1 to the electronic distribution service center 1.
[0032]
FIG. 2 is a block diagram showing a functional configuration of the electronic distribution service center 1. The service provider management unit 11 supplies the service provider 3 with the public key certificate and profit sharing information of the service provider 3 and receives information (price information) attached to the content as necessary. The content provider management unit 12 assigns the individual key K to the content provider 2._i, Delivery key K_dIndividual key K encrypted with_iIn addition to transmitting the public key certificate of the content provider 2, it supplies profit sharing information and receives information (handling policy) attached to the content as necessary. The copyright management unit 13 sends information indicating the content usage results of the user home network 5 to an organization that manages copyrights, for example, JASRAC (Japanese Society for Rights of Authors, Composers and Publishers). Send. The key server 14 generates, holds, and manages keys used for the entire system. For example, an individual key K that differs for each content provider_iAnd a delivery key K_dIndividual key K encrypted with_iAre also generated, supplied to the content provider 2 via the content provider management unit 12, and further provided with a delivery key K_dIndividual key K encrypted with_iIs also supplied to the certificate authority 22 as necessary, and the delivery key K_dIs supplied to the user home network 5 via the user management unit 18. Also, the public / private key of the electronic distribution service center 1 and the public / private key specific to the device held by the user are all generated and managed, and the public key is transmitted to the certificate authority 22 for public key certificate creation. Used. Further, a storage key K corresponding to a device-specific ID unique to an encryption processing unit 92 described later._saveMay be generated and retained.
[0033]
  See FIG. 3 to FIG. 6 for an example of periodic key transmission from the electronic distribution service center 1 to the content server 2 and home server 51 (described later) constituting the user home network 5.do itexplain. FIG. 3 shows a distribution key K possessed by the electronic distribution service center 1 in January 2000 when the content provider 2 starts providing content and the home server 51 constituting the user home network 5 starts using the content._d, Individual key K_iThe individual key K possessed by the content provider 2_i, And the delivery key K of the home server 51_dFIG. Although omitted below, the content provider 2 uses the individual key K_iThe delivery key K corresponding to_dIndividual key K encrypted with_iIs also held.
[0034]
In the example of FIG. 3, the delivery key K_d, Individual key K_iCan be used from the first day of the calendar month to the last day of the month, for example, a delivery key K which is version 1 having a value of “aaaaaaaaa” which is a random number of a predetermined number of bits._d, An individual key K that is version 1 with a value of “zzzzzzzz”_iCan be used from January 1, 2000 to January 31, 2000 (that is, content distributed by the service provider 3 to the user home network 5 during the period from January 1, 2000 to January 31, 2000). Content key K to be encrypted_coIs the individual key K which is version 1_iIndividual key K encrypted with version 1_iIs version 1 delivery key K_dA delivery key K that is version 2 having a value of “bbbbbbbbbb” that is a random number of a predetermined number of bits._d, An individual key K that is version 2 with a value of “yyyyyyyy”_iCan be used from February 1, 2000 to February 29, 2000 (that is, the content key K for encrypting the content distributed to the user home network 5 by the service provider 3 during that period)_coIs an individual key K that is version 2_iIndividual key K encrypted with version 2_iIs version 2 delivery key K_dIs encrypted). Similarly, version 3 delivery key K_d, Individual key K_iIs available during March 2000 and is version 4 delivery key K_d, Individual key K_iCan be used during April 2000, and delivery key K is version 5_d, Individual key K_iIs available during May 2000 and is version 6 delivery key K_d, Individual key K_iWill be available during June 2000.
[0035]
Prior to the content provider 2 starting to provide content, the electronic distribution service center 1 provides the content provider 2 with six individual keys K of version 1 to version 6 that can be used from January to June 2000._iEach with the same version of the delivery key K_dThe content provider 2 sends the 6 individual keys K_iAnd delivery key K_dIndividual key K encrypted with_iIs received and stored. Individual key K for June_iAnd delivery key K_dIndividual key K encrypted with_iIs stored in the content provider 2 before the content is provided and the content key K_coThis is because a predetermined period is required for the preparation of encryption.
[0036]
In addition, before the home server 51 starts using the content, the electronic distribution service center 1 has three versions 1 to 3 that can be used by the home server 51 from January 2000 to March 2000. Delivery key K_dThe home server 51 sends three delivery keys K_dIs received and stored. Delivery key K for March_dIs stored because the home server 51 cannot purchase the content despite the contract period in which the content can be purchased due to trouble such as failure to connect to the electronic distribution service center 1 due to congestion of the line. In order to avoid the situation, the frequency of connection to the electronic distribution service center 1 is reduced, and simultaneous access to the electronic distribution service center 1 by individual devices is suppressed, thereby reducing the load on the electronic distribution service center 1. Because.
[0037]
During the period from January 1, 2000 to January 31, 2000, the delivery key K which is version 1_dAnd individual key K_iIs used by the home server 51 constituting the electronic distribution service center 1, the content provider 2, and the user home network 5.
[0038]
Delivery key K of electronic distribution service center 1 as of February 1, 2000_dAnd individual key K_iThe transmission to the content provider 2 and the home server 51 will be described with reference to FIG. The electronic distribution service center 1 provides the content provider 2 with six individual keys K of version 2 to version 7 that can be used from February 2000 to July 2000._iEach with the same version of the delivery key K_dThe content provider 2 sends the 6 individual keys K_iAnd delivery key K_dIndividual key K encrypted with_iAnd the individual key K that was stored before the reception_iAnd delivery key K_dIndividual key K encrypted with_iOverwrite the new individual key K_iAnd delivery key K_dIndividual key K encrypted with_iRemember. The electronic distribution service center 1 has three delivery keys K that are version 2 to version 4 available to the home server 51 from February 2000 to April 2000._dThe home server 51 sends three delivery keys K_dThe delivery key K that was received and stored before_dOverwriting the new delivery key K_dRemember. The electronic distribution service center 1 has a distribution key K that is version 1-7._dAnd individual key K_iIs memorized as it is. This is because the delivery key K used in the past when an unexpected trouble occurs, or when a fraud occurs or is discovered._dIs to be able to use.
[0039]
During the period from February 1, 2000 to February 29, 2000, the delivery key K which is version 2_dAnd individual key K_iIs used by the home server 51 constituting the electronic distribution service center 1, the content provider 2, and the user home network 5.
[0040]
Delivery key K of electronic distribution service center 1 as of March 1, 2000_dAnd individual key K_iThe transmission to the content provider 2 and the home server 51 will be described with reference to FIG. The electronic distribution service center 1 provides the content provider 2 with six individual keys K of version 3 to version 8 that can be used from March 2000 to August 2000._iEach with the same version of the delivery key K_dThe content provider 2 sends the 6 individual keys K_iAnd delivery key K_dIndividual key K encrypted with_iAnd the individual key K that was stored before the reception_iAnd delivery key K_dIndividual key K encrypted with_iOverwrite the new individual key K_iAnd delivery key K_dIndividual key K encrypted with_iRemember. The electronic distribution service center 1 has three delivery keys K that are version 3 to version 5 that can be used by the home server 51 from March 2000 to May 2000._dThe home server 51 sends three delivery keys K_dThe delivery key K that was received and stored before_dOverwriting the new delivery key K_dRemember. The electronic distribution service center 1 has a distribution key K that is version 1-8._dAnd individual key K_iIs memorized as it is. This is because the delivery key K used in the past when an unexpected trouble occurs, or when a fraud occurs or is discovered._dIs to be able to use.
[0041]
During the period from March 1, 2000 to March 31, 2000, the delivery key K which is version 3_dAnd individual key K_iIs used by the home server 51 constituting the electronic distribution service center 1, the content provider 2, and the user home network 5.
[0042]
Delivery key K of electronic distribution service center 1 in April 1, 2000_dAnd individual key K_iThe transmission to the content provider 2 and the home server 51 will be described with reference to FIG. The electronic distribution service center 1 provides the content provider 2 with six individual keys K of version 4 to version 9 that can be used from April 2000 to September 2000._iEach with the same version of the delivery key K_dThe content provider 2 sends the 6 individual keys K_iAnd delivery key K_dIndividual key K encrypted with_iAnd the individual key K that was stored before the reception_iAnd delivery key K_dIndividual key K encrypted with_iOverwrite the new individual key K_iAnd delivery key K_dIndividual key K encrypted with_iRemember. The electronic distribution service center 1 has three delivery keys K that are version 4 to version 6 that can be used by the home server 51 from April 2000 to June 2000._dThe home server 51 sends three delivery keys K_dThe delivery key K that was received and stored before_dOverwriting the new delivery key K_dRemember. The electronic distribution service center 1 has a distribution key K that is version 1-9._dAnd individual key K_iIs memorized as it is. This is because the delivery key K used in the past when an unexpected trouble occurs, or when a fraud occurs or is discovered._dIs to be able to use.
[0043]
During the period from April 1, 2000 to April 30, 2000, version 4 delivery key K_dAnd individual key K_iIs used by the home server 51 constituting the electronic distribution service center 1, the content provider 2, and the user home network 5.
[0044]
In this way, the previous month's delivery key K_dAnd individual key K_iBy distributing the contents, even if the user has not accessed the center for one or two months, the content can be purchased, and the key can be received by accessing the center in time. it can.
[0045]
The career data management unit 15 (FIG. 2) of the electronic distribution service center 1 includes billing information, which is information indicating the results of use of content collected by the user management unit 18, and price information (services) corresponding to the content as necessary. One sent from the provider 3 and one sent by the user added to the billing information, or both, and a handling policy corresponding to the content as needed (sent from the content provider 2) And either one or both of them sent by the user in addition to the billing information, and the service provider management unit 11 or the content provider management unit 12 uses the billing information, usage history, etc. Output data when The price information and the handling policy may not be sent from the service provider 3 or the content provider 2 when necessary data is written in the billing information. The profit distribution unit 16 calculates the profits of the electronic distribution service center 1, the content provider 2, and the service provider 3 based on the billing information, the price information as necessary, and the handling policy supplied from the career data management unit 15. To do. These pieces of information are supplied to the depositing / dispensing unit 20 and may distribute profits via the depositing / dispensing unit 20. However, the profit sharing is not performed and only these pieces of information are stored in the service provider managing unit 11, the content provider managing unit 12, There is a case where the service provider 3 sends the revenue itself to the copyright management unit 13 and deposits the profits to the beneficiaries. The mutual authentication unit 17 performs mutual authentication, which will be described later, with predetermined devices in the content provider 2, the service provider 3, and the user home network 5.
[0046]
The user management unit 18 has a user registration database, and when there is a registration request from a device of the user home network 5, searches the user registration database and registers the device according to the recorded contents, or Create registration information, such as refusing registration. When the user home network 5 is composed of a plurality of devices having a function capable of being connected to the electronic distribution service center 1, the user management unit 18 specifies a device for settlement in the registration information, and registers a settlement ID. Further, the content purchase processing operation is specified, the range of devices constituting the user home network is specified, information such as transaction suspension is specified, and the predetermined device (payable device) of the user home network 5 is specified. Send.
[0047]
The example of the user registration database shown in FIG. 7 shows the registration status for each network group constructed in the user home network 5, and each group has a group ID indicating the group ID and a home network 5. ID unique to the device to be used, corresponding to the ID (that is, for each device having that ID), whether the connection with the electronic distribution service center 1 is possible, whether payment processing is possible, and the content can be purchased Information such as whether or not, which device performs the settlement process, which device requests the purchase of content, and whether or not registration is possible.
[0048]
The group ID recorded in the user registration database is assigned to each user home network, and settlement and information updating are performed in units of groups. Therefore, in principle, representative devices in the group collectively communicate with the electronic distribution service center 1, perform payment processing, and update information, and other devices in the group directly communicate with the electronic distribution service center 1. Absent. The ID recorded in the user registration database is an ID assigned to each device, and is used to identify the device.
[0049]
Information on whether or not connection to the electronic distribution service center 1 recorded in the user registration database indicates whether or not the device can be physically connected to the electronic distribution service center 1. Of the recorded devices, devices other than those that can be processed for payment are not connected to the electronic distribution service center 1 in principle (however, the representative device in the group does not perform the payment processing for some reason). In such a case, the proxy may be temporarily connected to the electronic distribution service center 1). In addition, the device recorded as being unable to be connected outputs billing information or the like to the electronic distribution service center 1 via the device capable of performing the payment process of the user home network 5.
[0050]
The information on whether or not settlement processing is possible recorded in the user registration database indicates whether or not the device is capable of settlement. When the user home network 5 is composed of a plurality of devices capable of purchasing the right to use the content, one device among which the payment processing is possible is sent to the electronic distribution service center 1 to the user home. Billing information, price information as needed, and handling policy of all devices registered in the electronic distribution service center 1 of the network 5 are transmitted, and the distribution key is sent from the electronic distribution service center 1 upon completion of the settlement process. K_dReceive registration information. By doing so, processing of the electronic distribution service center 1 is reduced as compared with processing for each device.
[0051]
The information on whether or not the purchase process recorded in the user registration database is possible indicates whether or not the device can purchase the right to use the content. For non-purchasable devices, proxy purchase of usage rights from other devices that can be purchased (purchasing rights on another device and transferring all of those rights. No rights remain on the supply side) Distribution (refers to a method in which the right to use already purchased content is purchased again with the same usage right or different usage right and supplied to another device. At this time, there is no right on the supply side. In order to receive a discount privilege, it is necessary to be a group that uses the same settlement ID, because in the processing within a group that belongs to the same settlement ID. , Because the processing burden on the electronic distribution service center 1 is reduced, and therefore a discount can be received as a compensation) or management transfer (content playback rights, especially indefinite playback rights can be transferred) However, in the playback right transmitter, the device that the playback right receiver is managed is managed, and if the playback right is not returned, the management right cannot be transferred again. The right to use the content is obtained by performing a management rights transfer to the playback right transmitter that has given the playback right only.
[0052]
Here, a usage method / usage right of content and a purchasing method will be briefly described. There are two types of content usage methods: one in which the right to use the content is managed and held by the user, and the other in which the right to use is held by another device and used in the own device. As content usage rights, unlimited playback rights (there is no limitation on the playback period and number of times of content, and in the case of music content, playback is performed in a game program, etc.), playback rights with time restrictions ( Content playback period is limited), playback rights with limited number of times (contents can be played back only a limited number of times), unlimited copying rights (content copying period and number of times are not limited), number of times Restricted copy rights (contents with a limited number of copies) (Copy rights include copy rights without copy management information, copy rights with copy management information (SCMS), etc.) There is also a time-restricted copy right), and there is a management transfer right. And in addition to the usual purchase that purchases these usage rights directly, the usage rights are changed by changing the content of the usage rights that have already been purchased to another content. There are redistribution in which usage rights are separately purchased based on the rights, proxy purchase in which the usage rights are purchased on other devices as a proxy, and album purchase in which a plurality of content usage rights are purchased and managed.
[0053]
The information recorded in the proxy settlement person recorded in the user registration database indicates the ID of a device that has the accounting information generated when purchasing the right to use the content be transmitted to the electronic distribution service center 1 on behalf of the user.
[0054]
  The information recorded on the proxy purchaser recorded in the user registration database indicates the ID of a device that purchases the usage right on behalf of a device that cannot purchase the content usage right. However, all group devices that can be purchased are proxy purchasers.WestIf it is, there is no need to record it.
[0055]
Information indicating whether registration is possible or not recorded in the user registration database is updated based on information on unpaid charges, fraudulent processing, etc. supplied from a settlement organization (for example, a bank) or a credit card company. . In response to a request for registration of a device having an ID recorded as being unusable, the user management unit 18 refuses the registration, and the device that has been refused the registration cannot subsequently purchase the contents of this system. In addition, data transmission / reception with other devices in the user home network 5 cannot be performed. In some cases, the use of purchased content may be restricted (however, the device may be re-registered after bringing the device into the electronic distribution service center 1 or the like for inspection). In addition to “registration possible” and “registration not possible”, there may be states such as “payment unprocessed” and “pause”.
[0056]
The user management unit 18 is also supplied with billing information, registration information, and price information and a handling policy as needed from the devices of the user home network 5, and the billing information, price information, and handling policy are supplied to the history data management unit 15. Output to the device of the user home network 5 and the delivery key K_dSupply registration information. The supply timing will be described later.
[0057]
Here, the registration information will be described with reference to FIG. In addition to the information in the user registration database, the registration information in FIG. 8 includes a payment ID and a signature, and includes only information on the same payment group. The payment ID indicates an ID in a user information database (for example, a bank account number or a credit card number) of a user used by the billing requesting unit 19 and the cashier 20 when making a payment. The generation of the signature will be described later.
[0058]
Returning to FIG. 2 again, the billing request unit 19 calculates the billing to the user based on the billing information, the price information as required, and the handling policy supplied from the history data management unit 15, and the result is Supply to the cashier 20. In addition, payment information is provided to the user via the user management unit 18 as necessary. The depositing / dispensing unit 20 communicates with an external bank or the like (not shown) based on the amount of withdrawal to the user, the content provider 2 and the service provider 3 and the usage fee to be collected, and executes a settlement process. The depositing / dispensing unit 20 remits all sales to the service provider 3, and the service provider 3 may distribute profits based on the distribution information transmitted via the profit distributing unit 16. The auditing unit 21 validates the charging information, price information, and handling policy supplied from the device of the user home network 5 from the handling policy supplied from the content provider 2 and the price information supplied from the service provider 3. Audit gender.
[0059]
Further, the processing of the auditing unit 21 includes a process of auditing the consistency between the amount received from the user home network 5 and the total amount of profits distributed or the amount sent to the service provider 3, and the equipment of the user home network 5 There is a process for auditing whether or not the data in the billing information supplied from the server includes, for example, a content provider ID that cannot exist, a service provider ID, an unimaginable share, a price, and the like.
[0060]
The certificate authority 22 generates a public key certificate supplied from the key server 14, supplies the certificate to the content provider 2 and the service provider 3, and a large-capacity storage unit 68 (described later) of the home server 51 when the user device is manufactured. A public key certificate stored in the small-capacity storage unit 75 (described later) of the stationary device 52 is also generated. When the content provider 2 does not author content, there are a content server 23 and a content authoring 24 that hold the content as alternative methods.
[0061]
FIG. 9 is a block diagram illustrating a functional configuration of the content provider 2. The content server 31 stores the content to be supplied to the user and supplies it to the digital watermark (watermark) adding unit 32. The digital watermark adding unit 32 inserts a content provider ID indicating that the content is supplied to the content supplied from the content server 31 in the form of a digital watermark and supplies the content provider ID to the compression unit 33. The compression unit 33 compresses the content supplied from the digital watermark adding unit 32 by a method such as ATRAC (Adaptive Transform Acoustic Coding) (trademark) and supplies the compressed content to the content encryption unit 34 which is a content encryption unit. Incidentally, as a compression method, a method such as MP3 or AAC can be used instead of ATRAC. The content encryption unit 34 converts the content compressed by the compression unit 33 into a key supplied from the content key generation unit 35 (hereinafter, this key is used as the content key K)._coAnd the result is output to a signature generation unit 38 serving as a transmission means.
[0062]
The content key generation unit 35 receives the content key K_coA random number having a predetermined number of bits is generated, and a weak key (for example, K_co= 1E1E1E1E0E0E0E0E, 1EE01EE00EF00EF0, etc.) except for a bit string inappropriate for encryption is supplied to the content encryption unit 34 and the content key encryption unit 36. When using an encryption algorithm that does not have such an inappropriate bit string, processing for removing the inappropriate bit string is unnecessary. The content key encryption unit 36 includes a content key K_coThe individual key K supplied from the electronic distribution service center 1_iIs encrypted using a common key encryption method such as DES, and the result is output to the signature generation unit 38. Incidentally, the encryption method is not limited to DES, and a public key encryption method such as RSA (Rivest, Shamir, Adleman) may be used.
[0063]
DES is an encryption method that processes a 64-bit plaintext as one block using a 56-bit common key. The DES process includes a part that stirs plaintext and converts it into a ciphertext (data stirring part), and a part that generates a key (expanded key) used in the data stirring part from the common key (key processing part). Since all DES algorithms are open to the public, the basic processing of the data agitation unit will be briefly described here.
[0064]
First, the plaintext 64 bits are divided into upper 32 bits H0 and lower 32 bits L0. Using the 48-bit extended key K1 supplied from the key processing unit and the lower 32 bits L0 as inputs, the output of the F function obtained by stirring the lower 32 bits L0 is calculated. The F function is composed of two types of basic transformations: “substitution” in which numerical values are replaced by a predetermined rule and “transposition” in which bit positions are replaced by a predetermined rule. Next, the upper 32 bits H0 and the output of the F function are exclusive-ORed, and the result is L1. L0 is set to H1.
[0065]
The above process is repeated 16 times based on the upper 32 bits H0 and the lower 32 bits L0, and the obtained upper 32 bits H16 and the lower 32 bits L16 are output as ciphertext. Decryption is realized by reversing the above procedure using the common key used for encryption.
[0066]
In the present embodiment, DES is shown as the common key cipher, but FEAL (Fast Encryption Algorithm), IDEA (International Data Encryption Algorithm), E2 proposed by NTT (trademark), and AES (US Advanced Encryption Standard) are proposed. Advanced Encryption Standard).
[0067]
The handling policy generation unit 37 generates a handling policy for content, and outputs the handling policy to the signature generation unit 38 corresponding to the content to be encrypted. Note that the handling policy generation unit 37 may supply the generated handling policy to the electronic distribution service center 1 via communication means (not shown), and the data is held and managed. The signature generation unit 38 uses the encrypted content and the encrypted content key K_co, Encrypted individual key K_i, An electronic signature is added to the handling policy and transmitted to the service provider 3 together with the certificate Ccp of the content provider 2 (hereinafter, the encrypted content, the encrypted content key K_co, Encrypted individual key K_i, Each of the handling policies added with an electronic signature using the private key of the content provider 3 is referred to as a content provider secure container). Note that a single signature may be attached to the entire data instead of adding a signature to each piece of data separately.
[0068]
The mutual authentication unit 39 performs mutual authentication with the electronic distribution service center 1 and also performs mutual authentication with the service provider 3 prior to transmission of the content provider secure container to the service provider 3 as necessary. The memory 40A has an individual key K that the content provider 2 must keep secretly._iIt is desirable to use a tamper-resistant memory that does not allow data to be easily read by a third party, but there is no need for hardware restrictions (for example, a hard disk in a room where entry is controlled, password management, etc. PC hard disk etc.) Further, the memory 40B stores the delivery key K_dIndividual key K encrypted with_iSince the public key certificate of the content provider 2 is only stored, anything such as a normal storage device may be used (it is public information, so it is not necessary to keep it secret). The memories 40A and 40B may be single.
[0069]
A signature is a data attached to data or a certificate, which will be described later, for tampering check and creator authentication. Take a hash value with a hash function based on the data you want to send and use it as a private key for public key cryptography. Created using.
[0070]
The hash function and signature will be described. The hash function is a function that receives predetermined data to be transmitted as input, compresses the data into data having a predetermined bit length, and outputs the data as a hash value. In the hash function, it is difficult to predict the input from the hash value (output). When one bit of the data input to the hash function changes, many bits of the hash value change, and the same hash value is changed. It has a feature that it is difficult to find input data. As the hash function, MD (Message Digest) 4, MD5, SHA (Secure Hash Algorithm) -1 or the like is used.
[0071]
The signature generation unit 38 of the transmission apparatus (content provider 2) that transmits data and signature generates a signature using, for example, elliptic curve cryptography that is a public key cryptosystem. This process will be described with reference to FIG. 10 (EC-DSA (Elliptic Curve Digital Signature Algorithm), IEEE P1363 / D3). In step S1, M is a message, p is a characteristic, a and b are elliptic curve coefficients (elliptic curve: y² = X^Three + Ax + b), G is the base point on the elliptic curve, r is the order of G, K_sSecret key (0 <K_s<R). In step S2, the random number u is generated by the random number generation unit so that 0 <u <r. In step S3, coordinates obtained by multiplying the base point by u are calculated. The addition and doubling on the elliptic curve are defined as follows.
[0072]
P = (X₀ , Y₀ ), Q = (X₁ , Y₁ ), R = (X₂ , Y₂ ) = P + Q, and when P ≠ Q,
X₂ = Λ² -X₀ -X₁
Y₂ = Λ (X₀ -X₂ -Y₀
λ = (Y₁ -Y₀ ) / (X₁ -X₀ )
When P = Q,
X₂ = Λ² -2X₀
Y₂ = Λ (X₀ -X₂ -Y₀
λ = (3X₀ ²+ A) / 2Y₀
Using these, u times the point G is calculated (the speed is slow, but the following is the most easily understood calculation method: G, 2G, 4G,.. Corresponds to where is standing (2ⁱ) × G is added (i is a bit position when counted from the LSB of u)). In step S4, c = X_v  mod r is calculated, and it is determined whether or not this value is 0 in step S5. If it is not 0, the process proceeds to step S6, where the hash value of the message M is calculated, and f = SHA-1 (M). Next, in step S7, d = [(f + cK_s) / U] mod r is calculated, and it is determined whether d is 0 in step S8. If d is not 0, c and d are used as signature data. Assuming that r is 160 bits long, the signature data is 320 bits long.
[0073]
In step S5, if c is 0, the process returns to step S2 to generate a new random number. Similarly, if d is 0 in step S8, the process returns to step S2 to generate a random number again.
[0074]
The receiving apparatus (user home network 5) that has received the signature and data verifies the signature using, for example, elliptic curve cryptography, which is a public key cryptosystem. This process will be described with reference to FIG. (Receiving device) In step S10, M is a message, p is a characteristic, a and b are elliptic curve coefficients (elliptic curve: y² = X^Three + Ax + b), G is the base point on the elliptic curve, r is the order of G, G and K_sG is the public key (0 <K_s<R). In step S11, it is checked whether the signature data c and d satisfy 0 <c and d <r. If this is satisfied, the hash value of the message M is calculated in step S12, and f = SHA-1 (M). Next, h = 1 / d mod r is calculated in step S13, and h is calculated in step S14.₁ = Fh, h₂ = Ch mod r is calculated. In step S15, already calculated h₁ And h₂ And P = (X_p, Y_p) = H₁ G + h₂ K_sG is calculated. Since the signature verifier knows the public keys G and KsG, this calculation can be performed in the same manner as in step S3. In step S16, it is determined whether P is an infinite point. If not, the process proceeds to step S17 (in practice, the infinite point can be determined in step S15. That is, P = (X, Y), when Q = (X, -Y) is added, it is found that the above-mentioned λ cannot be calculated, and that R is an infinite point._pmod r is calculated and compared with the signature data c. If the values match, the process proceeds to step S18, where it is determined that the signature is correct.
[0075]
If it is determined that the signature is correct, it is understood that the received data is not falsified and is data transmitted from a transmission apparatus that holds a secret key corresponding to the public key.
[0076]
If the signature data c and d do not satisfy 0 <c and d <r in step S11, the process proceeds to step S19. In step S16, if P is an infinite point, the process proceeds to step S19. Furthermore, in step S17, X_p  Even if the value of mod r does not match the signature data c, the process proceeds to step S19. In step S19, it is determined that the signature is not correct.
[0077]
If it is determined that the signature is not correct, it can be seen that the received data has been tampered with or is not data transmitted from a transmission apparatus holding a secret key corresponding to the public key.
[0078]
In the present embodiment, SHA-1 is used as the hash function, but any function such as MD4 or MD5 may be used. Also, signature generation and verification may be performed using RSA encryption (ANSI X9.31-1).
[0079]
Next, encryption / decryption of the public key cryptosystem will be described. In contrast to the common key cryptosystem that uses the same key (common key) for encryption and decryption, the public key cryptosystem differs in the key used for encryption and the key used for decryption. When using a public key cryptosystem, even if one of the keys is made public, the other can be kept secret. The key that may be made public is called a public key, and the other key kept secret is called a secret key. Called.
[0080]
A typical elliptic curve encryption method among public key encryption methods will be described. In FIG. 12, in step S20, M_x, M_yIs a message, p is a characteristic, a and b are elliptic curve coefficients (elliptic curve: y² = X^Three + Ax + b), G is the base point on the elliptic curve, r is the order of G, G and K_sG is the public key (0 <K_s<R). In step S21, a random number u is generated so that 0 <u <r. Public key K in step S22_sA coordinate V obtained by multiplying G by u is calculated. Since the scalar multiplication on the elliptic curve is the same as the method described in the signature generation, the description is omitted here. In step S23, the X coordinate of V is changed to M._xMultiply by p to find the remainder X₀ And In step S24, the Y coordinate of V is set to M._yMultiply and calculate remainder with p Y₀ And Note that if the message length is less than the number of bits in p, M_yUses random numbers, and the decryption unit uses M_yTo destroy. In step S25, uG is calculated, and in step S26, the ciphertext uG, (X₀ , Y₀ )
[0081]
Here, decryption of the public key cryptosystem will be described with reference to FIG. In step S30, uG, (X₀ , Y₀ ) Is the ciphertext data, p is the characteristic, a and b are elliptic curve coefficients (elliptic curve: y² = X^Three + Ax + b), G is the base point on the elliptic curve, r is the order of G, K_sSecret key (0 <K_s<R). In step S31, the encrypted data uG is converted into the secret key K_sDouble. In step S32, (X₀ , Y₀ )₁ = X₀ / X_v  Calculate mod p. In step S33, Y₁ = Y₀ / Y_v  Calculate mod p. In step S34, X₁ M_xY₁ M_yRetrieve the message as At this time, M_yIf you did not make a message₁ Is discarded.
[0082]
Thus, in the public key cryptosystem, the secret key is K_s, Public key G, K_sBy using G, the key used for encryption and the key used for decryption can be different.
[0083]
As another example of the public key cryptosystem, RSA cryptography (Rivest, Shamir, Adleman) is known.
[0084]
FIG. 14 is a block diagram illustrating a functional configuration of the service provider 3. The content server 41 stores the public key certificate of the content provider 2 and the encrypted content supplied from the content provider 2. The public key certificate of the content provider 2 is verified by the certificate checking unit 42 with the public key of the certificate authority 22 and the signature in the certificate is successfully verified. To supply. In the signature verification unit 43, the signature of the content provider 2 for the handling policy stored in the content server 41 is verified using the public key of the content provider 2 verified earlier. It supplies to the attaching part 44. The pricing unit 44 creates price information from the handling policy and supplies it to the signature generation unit 45. The signature generation unit 45 generates a signature for price information using a secret key of the service provider 3 held in a tamper-resistant memory (not shown) (same as 40A in the content provider 2) (hereinafter, content provider secure container) And the price information added with an electronic signature using the secret key of the service provider 3 is called a service provider secure container). Instead of adding a signature to the price information, one signature may be generated for the content provider secure container and the entire price information. Then, the service provider secure container, the public key certificate of the content provider 2 and the public key certificate of the service provider 3 are supplied to the user home network 5 via the network 4 (FIG. 1). The mutual authentication unit 46 performs mutual authentication with the electronic distribution service center 1 and also performs mutual authentication with the user home network 5 if possible via a content provider, the Internet, cable communication, or the like.
[0085]
FIG. 15 is a block diagram showing a configuration of the user home network 5. The home server 51 receives the secure container including the content from the service provider 3 via the network 4, purchases the right to use the content, exercises the right, and decrypts, decompresses, reproduces, and copies the content. .
[0086]
The communication unit 61 communicates with the service provider 3 or the electronic distribution service center 1 via the network 4 and receives or transmits predetermined information. The host controller 62 receives a signal from the input unit 63, displays a predetermined message or the like on the display unit 64, performs content usage right purchase processing using the encryption processing unit 65, and sends it to the decompression unit 66. The encrypted content read from the capacity storage unit 68 is supplied, and the encrypted content or the like is stored in the large capacity storage unit 68. The input means 63 transmits a signal from the remote controller and input data from the input button to the host controller 62. The display means 64 is composed of a display device such as a liquid crystal display, and issues instructions to the user or displays information. The input unit 63 and the display unit 64 may be a touch panel type liquid crystal display or the like as necessary, and may be combined into one. The cryptographic processing unit 65 performs mutual authentication with the cryptographic processing unit of the service provider 3 or the electronic distribution service center 1 or other equipment, purchases the content usage right, encrypts / decrypts predetermined data, and Key K_coAnd the external memory that holds the license agreement information, and the delivery key K_d, Storing billing information and the like. The decompression unit 66 performs mutual authentication with the encryption processing unit 65 and performs the content key K_coAnd receive this content key K_coIs used to decrypt the encrypted content supplied from the host controller 62, decompress it using a predetermined method such as ATRAC, and insert a predetermined digital watermark into the content. The external memory 67 is composed of a nonvolatile memory such as a flash memory or a volatile memory with a backup power source._saveEncrypted content key K_coAnd license agreement information. The large-capacity storage unit 68 is a storage device such as an HDD or an optical disk, and is a content provider secure container and a service provider secure container (encrypted content, individual key K_iEncrypted content key K_co, Delivery key K_dIndividual key K encrypted with_i, Handling policy, price information and their signature), public key certificate, registration information, etc. are stored.
[0087]
Mutually authenticates with the electronic distribution service center 1, purchases content usage rights, generates billing information, decrypts / encrypts predetermined data, and creates a content key K_coAnd the external memory that holds the license agreement information, and the delivery key K_dThe encryption processing unit 65 that stores accounting information and the like includes a control unit 91, a storage module 92, a registration information inspection module 93, a purchase processing module 94, a mutual authentication module 95, an encryption / decryption module 96, and an external memory control unit 97. Consists of The cryptographic processing unit 65 is composed of a single-chip cryptographic processing-dedicated IC, has a multi-layer structure, and its internal memory cell is sandwiched between dummy layers such as an aluminum layer, and has an operating voltage or frequency width. It has a characteristic (tamper resistance) that makes it difficult to read data illegally from the outside, such as being narrow.
[0088]
The control unit 91 controls each module in accordance with a command from the host controller 62 and returns a result from each module to the host controller 62. The storage module 92 receives the billing information supplied from the purchase processing module 94 and the delivery key K_dEtc., and when other functional blocks execute predetermined processing, the delivery key K_dAnd so on. The registration information inspection module 93 inspects the registration information supplied from the host controller 62 and determines whether or not to mutually authenticate with other devices in the user home network 5, whether or not charging information should be exchanged, Judge whether or not to distribute. The purchase processing module 94 generates new license agreement information from the handling policy and price information (and possibly the license agreement information already held) included in the secure container received from the service provider 3. The billing information is generated and output to the storage module 92. The mutual authentication module 95 performs mutual authentication with the encryption processing unit and the decompression unit 66 of other devices in the electronic distribution service center 1 and the home network 5 and, if necessary, a temporary key K._temp(Session key) is generated and supplied to the encryption / decryption module 96.
[0089]
The decryption / encryption module 96 includes a decryption unit 111, an encryption unit 112, a random number generation unit 113, a signature generation unit 114, and a signature verification unit 115. The decryption unit 111 has a delivery key K_dIndividual key K encrypted with_iDecryption or individual key K_iEncrypted content key K_coDecryption or temporary key K_tempDecrypt various data encrypted with. The encryption unit 112 stores the decrypted content key K_coStored key K held in storage module 92_saveAnd output to the external memory control unit 97 via the control unit 91, or the temporary key K_tempTo encrypt various data. The random number generation unit 113 generates a random number of a predetermined number of digits and supplies it to the mutual authentication module 95 and the signature generation unit 114. The signature generation unit 114 calculates a hash value of the message supplied from the control unit 91, generates signature data using the random number supplied from the random number generation unit 113, and outputs the signature data to the control unit 91. The signature verification unit 115 determines whether the signature is correct from the message and signature data supplied from the control unit, and outputs the result to the control unit 91. The signature generation / verification method is the same as that described above with reference to FIGS.
[0090]
The external memory control unit 97 controls the external memory 67 to read / write data, and verifies whether the data in the external memory has been tampered with. FIG. 16 is a block diagram for explaining the operation of the external memory control unit 97. In FIG. 16, the storage module 92 stores N falsification preventing hash values (Integrity Check Value). The external memory 67 is divided into N block data areas, and each of the data areas has M sets of content keys K._coAnd license agreement information can be written. The external memory 67 also has other areas that can be freely used. The falsification preventing hash value ICV is a hash value for all data in the external memory 67 corresponding thereto. The read procedure and write procedure of the external memory will be described later using a flowchart.
[0091]
A decompression unit 66 (FIG. 15) that decrypts and decompresses content and adds a predetermined digital watermark includes a mutual authentication module 101, a key decryption module 102, a decryption module 103, a decompression module 104, a digital watermark addition module 105, and a storage. The module 106 is configured. The mutual authentication module 101 performs mutual authentication with the cryptographic processing unit 65 and generates a temporary key K_tempIs output to the key decryption module 102. The key decryption module 102 is read from the external memory 67 and stored in the temporary key K_tempContent key K encrypted with_coTemporary key K_tempThe data is decrypted and output to the decryption module 103. The decryption module 103 uses the content key K to store the content recorded in the mass storage unit 68._coAnd then output to the decompression module 104. The decompression module 104 further decompresses the decrypted content by a method such as ATRAC and outputs it to the digital watermark addition module 105. The digital watermark adding module 105 inserts the individual ID of the encryption processing unit that has performed the purchase processing into the content using the digital watermark technology, and outputs the content to another device or a speaker (not shown) to reproduce the music.
[0092]
The storage module 106 stores key data necessary for mutual authentication with the encryption processing unit 65. Note that the extension portion 66 preferably has tamper resistance.
[0093]
The external memory 67 stores the use permission condition information and the storage key K generated when the purchase processing module 94 purchases the right._saveEncrypted content key K_coIs remembered. The large-capacity storage unit 68 records a secure container, a public key certificate, registration information, and the like supplied from the service provider 3.
[0094]
A stationary device 52 that records and reproduces the content supplied from the service provider 3 on a recording medium 80 such as an optical disk and a semiconductor memory that is mounted includes a communication unit 71, a host controller 72, an encryption processing unit 73, an expansion unit 74, and a small unit. A capacity storage unit 75, a recording / playback unit 76, an input unit 77, a display unit 78, an external memory 79, and a recording medium 80 are included. The communication unit 71 has the same function as the communication unit 61, and a description thereof is omitted. The host controller 72 has the same function as the host controller 62, and a description thereof will be omitted. The cryptographic processing unit 73 has the same function as the cryptographic processing unit 65, and a description thereof will be omitted. The expansion unit 74 has the same function as the expansion unit 66, and a description thereof will be omitted. The small-capacity storage unit 75 has the same function as the large-capacity storage unit 68, but the content itself is not saved, and only the public key certificate and registration information are stored. The recording / playback unit 76 is loaded with a recording medium 80 such as an optical disk or a semiconductor memory, records content on the recording medium 80, and outputs the read content to the decompression unit. The input unit 77 has the same function as the input unit 63, and a description thereof will be omitted. The display unit 78 has the same function as the display unit 64, and a description thereof will be omitted. The external memory 79 has the same function as the external memory 67, and a description thereof is omitted. The recording medium 80 may be, for example, an MD (Mini Disk: trademark) or a storage medium dedicated to electronic distribution (Memory Stick: trademark using a semiconductor memory).
[0095]
A portable device 53, which is a device that a user carries and plays music, includes a communication unit 81, a host controller 82, an encryption processing unit 83, an expansion unit 84, and an external memory 85. The communication unit 81 has the same function as the communication unit 61, and a description thereof is omitted. The host controller 82 has the same function as the host controller 62, and a description thereof will be omitted. The cryptographic processing unit 83 has the same function as the cryptographic processing unit 65, and a description thereof will be omitted. The extension unit 84 has the same function as the extension unit 66, and a description thereof will be omitted. The external memory 85 has the same function as the external memory 67, and a description thereof is omitted. However, these memories are not limited to semiconductor memories but may be HDDs, rewritable optical disks, or the like.
[0096]
FIG. 17 shows a configuration diagram of a recording medium dedicated to electronic distribution. A recording medium 120 that stores electronically distributed content includes a communication unit 121, an encryption processing unit 122, and an external memory 123. The communication unit 121 transmits / receives data to / from the recording / reproducing unit 76 of the stationary device 52 (FIG. 15). Mutual authentication with stationary device 52, transfer of content usage right, decryption / encryption of predetermined data, content key K_coAnd the external memory that holds license agreement information, etc._saveAnd the like have the same functions as the encryption processing unit 65, and the description thereof is omitted. The external memory 123 stores the storage key K_saveEncrypted content key K_co, Content key K_coThe contents encrypted in the above, the use permission condition information defining the use condition of the contents, the handling policy and the price information as necessary are stored.
[0097]
The electronic distribution dedicated recording medium 120 is used differently from the recording medium described for the stationary device 52. The normal recording medium 80 is a substitute for the large-capacity storage unit 68 of the home server 51, whereas the electronic distribution dedicated medium 120 is not different from a portable device that does not have an expansion unit. Therefore, when reproducing the content, a device such as the stationary device 52 having the decompression unit 74 is necessary. However, with respect to the functions for receiving the content and managing the content, the home server 51 and the portable device 53 are used. The same processing can be performed. Due to these differences, content recorded on a normal recording medium cannot be played back by a device other than the recording device, but content recorded on the electronic distribution recording medium 120 can be played back by a device other than the recording device. Will be able to. That is, a normal recording medium has a content key K_coContent key K because there is only content encrypted with_coPlayback is not possible with devices other than those that have (recorded). On the other hand, in the electronic distribution dedicated recording medium 120, the content key K_coContent key K as well as content encrypted with_coThe storage key K with 120 recording media dedicated to electronic distribution_saveTherefore, it can be played back by another device.
[0098]
That is, after mutual authentication is performed between the mutual authentication module 128 of the cryptographic processing unit 122 and the mutual authentication module (not shown) of the cryptographic processing unit 73 of the stationary device 52, the storage key K unique to the dedicated recording medium is obtained._save3 Content key K_CODecrypted and shared temporary key K_tempContent key K_coIs encrypted and transmitted to the encryption processing unit 73 for reproduction.
[0099]
FIG. 18 is a block diagram showing the data storage status in each device. In the home server 51, the storage module 92 in the cryptographic processing unit 65 has an individual ID for identifying a device (the same as that for identifying the cryptographic processing unit), and a settlement ID used for billing (necessary Depending on the device, it can be replaced with an individual ID and may be unnecessary because it is in the registration information.)_saveA public key of the electronic distribution service center 1 used for mutual authentication with the electronic distribution service center 1 (not required if there is a public key certificate of the electronic distribution service center 1), and a certificate authority for verifying the public key certificate 22 public keys and a common key used for mutual authentication with the decompression unit 66 are stored. These data are data stored in advance when the device is manufactured. On the other hand, a delivery key K periodically distributed from the electronic distribution service center 1_d, Billing information written in the purchase process, content key K held in the external memory 67_coThe hash value for tampering check of the use permission condition information is data stored after the device is used, and these data are also stored in the storage module 92. In the storage module 106 in the decompression unit 66, an individual ID for specifying the decompression unit and a common key used for mutual authentication with the encryption processing unit 65 are stored in advance when the device is manufactured. In order to make the encryption processing unit 65 and the decompression unit 66 correspond one-to-one, each storage module may have a mutual ID (since mutual authentication is performed with a common key, the result is Can be exchanged only by the corresponding encryption processing unit and decompression unit, but the processing may be mutual authentication of public key cryptosystem, and the stored key is not a common key but unique to the decompression unit 66. Secret key).
[0100]
The external memory 67 stores a storage key K used for decrypting the content._saveEncrypted content key K_co, Its content key K_coThe use permission condition information indicating the conditions when using is stored. The large-capacity storage unit 68 also includes a public key certificate (device public key certificate) corresponding to a device-specific private key in the storage module 92, registration information, a content provider secure container (content key K_coEncrypted content and its signature, individual key K_iEncrypted content key K_coAnd its signature, delivery key K_dIndividual key K encrypted with_iThe service provider secure container (price information and its signature), the content provider 2 public key certificate, and the service provider 3 public key certificate are stored.
[0101]
The portable device 53 includes an encryption processing unit 83 that is the same as the encryption processing unit 65 held by the home server 51 and an external memory 85 that is the same as the external memory 67 (those with the same internal data are omitted). For example, extension part). However, the data held therein is slightly different as shown in the figure. The data stored in the storage module in the cryptographic processing unit 83 includes an individual ID for specifying a device, a secret key that is different for each device, and a storage key K_saveThe public key of the electronic distribution service center 1 used for mutual authentication with the electronic distribution service center 1 (however, it is not necessary when the home server 51 performs all procedures with the electronic distribution service center 1) A public key of the certificate authority 22 for verifying the public key certificate and a common key used for mutual authentication with the decompression unit 84 are stored. These data are data stored in advance when the device is manufactured. The content key K held in the external memory 85_coAnd a hash value for tampering check of the license agreement information, settlement ID as necessary, delivery key K_d, Registration information (part of) (if you do not purchase, payment ID, delivery key K_dIs not required) is data stored after the device is used, and these data are also stored (when the purchase process is performed, charging information is also stored). The external memory 85 includes a public key certificate and a content key K corresponding to the private key of each device in the encryption processing unit 83._coEncrypted content and its signature (in addition to the individual key K_iEncrypted content key K_coAnd its signature, delivery key K_dIndividual key K encrypted with_iAnd, if necessary, the handling policy and its signature, price information and its signature may also be stored), and the storage key K used when decrypting the content_saveEncrypted content key K_coIn addition, use permission condition information indicating a condition for using the content is stored. Further, the public key certificate of the content provider 2 and the public key certificate of the service provider 3 are also stored as necessary.
[0102]
The stationary device 52 includes a recording medium 80 in addition to the configuration of the home server 51. The recording medium may be a normal MD or CD-R, or may be a storage medium dedicated to electronic distribution. In the former case, the stored data is decrypted content to which a copy prohibition signal is added, but of course, the encrypted content may be stored (storage key K_saveEncrypted content key K_coMay also be stored. At this time, only the stored device can be reproduced. Because storage key K_saveIs different for each device).
[0103]
As a storage medium, FIG. 19 can be considered. In the electronic distribution dedicated storage medium 120, the storage module 125 in the encryption processing unit 122 includes an individual ID of the recording medium, a secret key that differs for each recording medium, and a public key certificate (external memory 123) corresponding to the secret key. Content key K)_coStorage key K used to encrypt_save(Generally different for each storage medium), the public key of the electronic distribution service center 1 (not required when not communicating with the center or when the external memory 123 has the public key certificate of the electronic distribution service center 1), the certificate authority Public key, hash value for checking falsification of the external memory 123, and registration information (a part thereof) are stored. The external memory 123 has a content key K_coEncrypted content (and its signature), storage key K_saveEncrypted content key K_coThe license agreement information is stored, and the handling policy (and its signature), price information (and its signature), the content provider 2 public key certificate, and the service provider 3 public key certificate are stored as necessary. Has been.
[0104]
20 and 21 are diagrams for explaining information transmitted and received among the electronic distribution service center 1, the content provider 2, the service provider 3, and the user home network 5. The content provider 2 attaches the public key certificate (details will be described later) of the content provider 2 to the content provider secure container (details will be described later) and transmits the content provider secure container (details will be described later) to the service provider 3. Further, the content provider 2 transmits the handling policy and its signature, and the certificate of the content provider 2 to the electronic distribution service center 1 as necessary.
[0105]
The service provider 3 verifies the public key certificate of the content provider 2, obtains the public key of the content provider 2, and verifies the signature of the received content provider secure container (only the handling policy may be verified). After successful verification of the signature, the handling policy is taken out from the content provider secure container, price information is generated based on the policy, and the price information is signed to make the service provider secure container (details will be described later). The content provider secure container, the service provider secure container, the public key certificate of the content provider 2 and the public key certificate of the service provider 3 (the details will be described later) are transmitted to the user home network 5. Further, the service provider 3 transmits price information and its signature, and the public key certificate of the service provider 3 to the electronic distribution service center 1 as necessary.
[0106]
After verifying the received secure container, the user home network 5 performs purchase processing based on the handling policy and price information included in the secure container, generates billing information, and stores it in the storage module in the encryption processing unit. Generate license agreement information, content key K_coIs decrypted and stored key K_saveRe-encrypted, license agreement information and re-encrypted content key K_coIs stored in the external memory 67. Then, in accordance with the license agreement information, the content key K_coSave key K_saveThe content is decrypted with this key, and the content is decrypted and used. The billing information is stored in a temporary key K at a predetermined timing._tempIs encrypted, signed, and transmitted to the electronic distribution service center 1 together with the handling policy and price information as necessary.
[0107]
The electronic distribution service center 1 calculates a usage fee based on the billing information and price information, and calculates the profits of the electronic distribution service center 1, the content provider 2, and the service provider 3. The electronic distribution service center 1 further compares the handling policy received from the content provider 2, the price information received from the service provider 3, the handling policy as necessary, and the handling policy and price information received from the user home network 5. The service provider 3 or the user home network 5 monitors whether or not fraud such as falsification of a handling policy or addition of an illegal price has occurred.
[0108]
Further, the electronic distribution service center 1 transmits the public key certificate of the content provider to the content provider 2 and transmits the public key certificate of the service provider to the service provider 3. In addition, at the time of factory shipment, in order to embed a public key certificate created for each device in each device, data related to the public key certificate of each device is delivered to the factory.
[0109]
FIG. 22 is a diagram for explaining a content provider secure container. The content provider secure container 1A has a content key K_coEncrypted content and its signature, individual key K_iEncrypted content key K_coAnd its signature, delivery key K_dIndividual key K encrypted with_iAnd its signature, handling policy and signature. The signature is obtained by applying a hash key generated by applying a hash function to each data, and adding the secret key K of the content provider 2_scpThis is data generated using. In the case of FIG. 22, key data (individual key K_iEncrypted content key K_CO, Delivery key K_dIndividual key K encrypted with_iFor each of the key data (individual key K_iEncrypted content key K_CO, Delivery key K_dIndividual key K encrypted with_i) May be combined into one to generate and add one signature. In this way, the key data that is always used as a unit is combined into one and a single signature is added, so that the signature can be verified only once.
[0110]
FIG. 23 is a diagram for explaining another example of the content provider secure container. The content provider secure container 1B has a content key K_coEncrypted content and its signature, individual key K_iEncrypted content key K_coAnd its signature, handling policy and signature.
[0111]
FIG. 24 is a diagram for explaining another example of the content provider secure container. The content provider secure container 1C has a content key K_coEncrypted content, individual key K_iEncrypted content key K_co, Delivery key K_dIndividual key K encrypted with_i, Handling policy, and signature. The signature is the content key K_coEncrypted content, individual key K_iEncrypted content key K_co, Delivery key K_dIndividual key K encrypted with_i, And the hash value generated by applying the hash function to the handling policy, and the secret key K of the content provider 2_scpThis is data generated using.
[0112]
FIG. 25 is a diagram for explaining another example of the content provider secure container. The content provider secure container 1D has a content key K_coEncrypted content, individual key K_iEncrypted content key K_co, Handling policy, and signature. The signature is the content key K_coEncrypted content, individual key K_iEncrypted content key K_co, And the hash value generated by applying the hash function to the handling policy, and the secret key K of the content provider 2_scpThis is data generated using.
[0113]
FIG. 26 is a diagram for explaining the public key certificate of the content provider 2. The public key certificate 2A of the content provider 2 includes the version number of the public key certificate, the serial number of the public key certificate assigned to the content provider 2 by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, and the public key Certificate expiration date, name of content provider 2, public key K of content provider 2_pcpAs well as a signature. The signature includes the version number of the public key certificate, the serial number of the public key certificate assigned to the content provider 2 by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the content provider 2 name and public key K of content provider 2_pcpTo the hash value generated by applying the hash function to the certificate authority private key K_scaThis is data generated using.
[0114]
FIG. 27 is a diagram for explaining another example of the public key certificate of the content provider 2. The public key certificate 2B of the content provider 2 includes the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the content provider 2, the algorithm and parameters used for the signature, the name of the certificate authority, and the public key Certificate expiration date, name of content provider 2, public key K of content provider 2_pcp, Delivery key K_dIndividual key K encrypted with_iAs well as a signature. The signature includes the version number of the public key certificate, the serial number of the public key certificate assigned to the content provider 2 by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the content provider 2 name, public key K of content provider 2_pcp, And delivery key K_dIndividual key K encrypted with_iTo the hash value generated by applying the hash function to the certificate authority private key K_scaThis is data generated using.
[0115]
FIG. 28 is a diagram for explaining another example of the public key certificate of the content provider 2. The public key certificate 2C of the content provider 2 is the version number of the public key certificate, the serial number of the public key certificate that the certificate authority assigns to the content provider 2, the algorithm and parameters used for the signature, the name of the certificate authority, the public key Certificate expiration date, name of content provider 2, public key K of content provider 2_pcp, Individual key K_iA part of the delivery key K_dThe data includes a predetermined type of data and a signature encrypted with The signature includes the version number of the public key certificate, the serial number of the public key certificate assigned to the content provider 2 by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the content provider 2 name, public key K of content provider 2_pcp, And individual key K_iA part of the delivery key K_dThe secret key K of the certificate authority is added to the hash value generated by applying the hash function to the predetermined type of data encrypted with_scaThis is data generated using.
[0116]
FIG. 29 is a diagram illustrating a service provider secure container. The service provider secure container 3A is composed of price information and a signature. The signature is obtained by applying the secret key K of the service provider 3 to the hash value generated by applying a hash function to the price information as necessary._sspThis is data generated using.
[0117]
FIG. 30 is a diagram for explaining another example of the service provider secure container. The service provider secure container 3B includes a content provider secure container, price information, and a signature. The signature is the content provider secure container, the hash value generated by applying the hash function to the price information, the secret key K of the service provider 3_sspThis is data generated using.
[0118]
FIG. 31 is a diagram for explaining the public key certificate of the service provider 3. The public key certificate 4A of the service provider 3 includes the version number of the public key certificate, the serial number of the public key certificate assigned to the service provider 3 by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, the public key Certificate expiration date, service provider 3 name, service provider 3 public key K_pspAs well as a signature. The signature includes the version number of the public key certificate, the serial number of the public key certificate assigned to the service provider 3 by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the service provider 3 name and public key K of service provider 3_pspTo the hash value generated by applying the hash function to the certificate authority private key K_scaThis is data generated using.
[0119]
FIG. 32 is a diagram for explaining the public key certificate of the User device. The public key certificate 5A of the user device is used for the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the user device (more precisely, the cryptographic processing unit (dedicated IC chip)), and signature. Algorithm and parameters, certificate authority name, public key certificate expiration date, user device name, user device public key K_puAs well as a signature. The signature includes the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the User device, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the user device Name and User device public key K_puTo the hash value generated by applying the hash function to the certificate authority private key K_scaThis is data generated using.
[0120]
FIG. 33 and FIG. 34 show the data format of the handling policy. The handling policy is generated for each single content or album content by the content provider 2 and shows the contents of the usage rights that the user home network 5 can purchase. Show.
[0121]
The data of handling policy for single content (Fig. 33) includes data type, handling policy type, handling policy expiration date, content ID, content provider ID, handling policy ID, handling policy version, region code , Usable device conditions, usable user conditions, service provider ID, generation management information, number of rules including the purchaseable usage rights indicated by the handling policy, address information indicating the storage location of the rules, and the address information Rules, public key certificates, and signatures stored at the indicated positions are stored.
[0122]
The rules include a rule number assigned as a reference number for each usage right, a usage right content number indicating the usage right content, its parameters, minimum selling price, profit amount of the content provider, profit rate of the content provider, data size It consists of transmission information.
[0123]
In addition, the data of the handling policy for the album content (FIG. 34) includes data type, handling policy type, handling policy expiration date, album ID, handling policy version, content provider ID, handling policy ID, Region code, usable device condition, usable user condition, service provider ID, number of single content handling policies constituting the album, address information indicating the storage location of the single content handling policy, indicating the address information Data packet of the single content handling policy stored at the location, generation management information, the number of rules including the purchaseable usage rights indicated by the handling policy, address information indicating the storage location of the rule, and the location indicated by the address information The rules, public key certificates, and signatures stored in are stored.
[0124]
The rules are the same as the rules for handling single content, the rule number assigned as the reference number for each usage right, the usage right content number, the parameter, the minimum selling price, the profit amount of the content provider, the content provider's profit amount, It consists of profit rate, data size, and transmission information.
[0125]
In these handling policies, the type of data indicates that the data is handling policy data, and the type of handling policy indicates whether the handling policy is a single or album content handling policy. The expiration date of the handling policy indicates the period of use of the handling policy by the date when it expires, or the number of days from the reference date when the usage is started to the date when it expires. The content ID and the album ID indicate the purchaseable single content and album content indicated by the handling policy, and the content provider ID indicates the ID of the content provider 2 that defines the handling policy.
[0126]
The ID of the handling policy is for identifying the handling policy. For example, when a plurality of handling policies are set for the same content, the handling policy ID is used to identify the handling policy. The version of the handling policy indicates the revised information of the handling policy revised according to the period of use. Therefore, the handling policy is managed by the ID of these handling policies and the version of the handling policy.
[0127]
The region code indicates the region where the handling policy can be used, and the region code includes a code indicating a specific region that limits the region where the handling policy can be used, and the handling policy is used in all regions. You can assign a code to enable. The usable device condition indicates a condition of a device that can use the handling policy, and the usable User condition indicates a user condition that can use the handling policy.
[0128]
The ID of the service provider indicates the ID of the service provider 3 that uses the handling policy. The ID of the service provider includes the ID of a specific service provider 3 that limits the service providers 3 that can use the handling policy, and the handling. There is an ID that allows a policy to be used by multiple (all) service providers.
[0129]
Furthermore, the generation management information indicates the maximum number of times that content can be purchased again. The signature is attached to the entire data type to public key certificate excluding the signature from the handling policy. The algorithm and parameters used when creating the signature and the key used for verifying the signature are included in the public key certificate.
[0130]
In the rule, the usage right content number is a number added for each usage right content, and the parameter indicates a parameter of the right content. The minimum selling price indicates the lowest selling price when selling single and album contents according to the contents of the right of use, and the profit amount and profit ratio of the content provider are determined by the content provider 2 when the single content and album content are purchased. It shows the amount of profit that can be obtained and the profit ratio with respect to the selling price. The data size indicates the data size of the transmission information. The transmission information is mile information that is set by the content provider 2 and is added to the user by purchasing the usage right, or a discount amount of the usage right according to the point. And various information set by the content provider 2 as necessary.
[0131]
Here, in the album content handling policy, the plurality of rules indicate the purchase mode of the album. In addition, in the handling policy of a plurality of single contents stored in the album content handling policy, the rules stored in the handling policy can be individually purchased as a single song from the corresponding single contents in the album. Alternatively, the single content purchase form in the album is shown such that the corresponding single content can be purchased only as an album song (that is, it can be purchased only as an album together with other single content).
[0132]
Accordingly, in the album content handling policy, album content is purchased so as to purchase album content based on the rules of the handling policy or to purchase single content as a single song based on the rules of the single content handling policy. And single content that can be sold as a single song are selected and purchased.
[0133]
In addition, in the album content handling policy, by signing the whole, it is possible to verify this signature without having to verify the signature of the single content handling policy stored in this handling policy. In addition to the album content handling policy, tampering checks and the like can be performed in accordance with the handling policy for each single content, and thus signature verification can be simplified.
[0134]
Incidentally, in the handling policy for single and album contents, the presence or absence of signature verification indicating whether or not to perform signature verification on content can be stored as necessary. This is because the amount of data in the content is relatively large and it takes time to verify the signature. When information on whether or not to verify the signature according to the handling policy is stored, the content signature is verified according to the information. Is executed or the verification is not executed.
[0135]
Further, in the album content handling policy, the handling policies of a plurality of single contents constituting the album are stored, but the handling policies of the plurality of single contents need not be stored.
[0136]
Further, in the handling policy of single and album contents, the profit amount and profit ratio of the content provider may be managed collectively by the electronic distribution service center 1, so that the profits of these content providers are shown in FIG. 35 and FIG. You may comprise except an amount and a profit margin.
[0137]
FIG. 37 and FIG. 38 show the data format of the price information, and the price information is generated by the service provider 3 for each handling policy of the single content given from the content provider 2 and each handling policy of the album content. Show prices for single content and album content.
[0138]
The price information (FIG. 37) data for single content includes data type, price information type, price information expiration date, content ID, service provider ID, price information ID, price information version, and region code. , Usable device conditions, usable user conditions, content provider ID, handling policy ID with the price information added, number of rules including the purchaseable usage rights indicated by the price information, and storage location of the rule The address information to be indicated, the rule stored at the position indicated by the address information, the public key certificate, and the signature are stored.
[0139]
The rule includes a rule number assigned as a reference number for each usage right, a profit amount of the service provider, a profit rate of the service provider, a price, a data size, and transmission information.
[0140]
The price information (FIG. 38) data for the album content includes data type, price information type, expiration date of price information, album ID, service provider ID, price information ID, price information version, Region code, usable device conditions, usable user conditions, content provider ID, handling policy ID with the price information added, number of single content price information constituting the album, price information of the single content Address information indicating the storage location, data packet of single content price information stored at the location indicated by the address information, the number of rules including a purchaseable usage right indicated by the price information, and an address indicating the storage location of the rule Information, rules stored at the location indicated by the address information, public key certificate, signature Is stored.
[0141]
And the rule is based on the rule number assigned as the reference number for each usage right, the profit amount of the service provider, the profit rate of the service provider, the price, the data size, and the transmission information, similarly to the rule of price information for single content. It is configured.
[0142]
In these price information, the type of data indicates that this data is price information data, and the type of price information indicates whether the price information is price information of single content or album content. The expiration date of the price information indicates the usage period of the price information by the date when the date expires or the number of days from the reference date to the expiration date. The content ID and the album ID indicate the purchaseable single content and album content indicated by the price information, and the service provider ID indicates the ID of the service provider 3 that created the price information.
[0143]
The ID of the price information is used to identify the price information. For example, when a plurality of price information is set for the same content, the price information is used to identify the price information. The version of price information indicates revision information of price information revised according to the period of use. Therefore, the price information is managed by the ID of the price information and the version of the price information.
[0144]
The area code shows the area where the price information can be used. The area code includes a code indicating a specific area that limits the area where the price information can be used, and the price information is used in all areas. You can assign a code to enable. The usable device condition indicates a condition of a device that can use the price information, and the usable User condition indicates a user condition that can use the price information. The content provider ID indicates the ID of the content provider 2 that defines a handling policy with price information added. The ID of the handling policy is for identifying the handling policy to which price information is added.
[0145]
Further, the signature is attached to the entire data type to public key certificate excluding the signature from the price information. The algorithm and parameters used when creating the signature and the key used for verifying the signature are included in the public key certificate.
[0146]
In the rule, the rule number is the same as the rule number indicated by the corresponding handling policy. The service provider's profit amount and profit ratio indicate the profit ratio with respect to the amount and price of the profit that the service provider 3 can obtain when single content and album content are purchased. The selling price of single content and album content set based on the minimum selling price is shown. The data size indicates the data size of the transmission information, and the transmission information is mile information that is set by the service provider 3 and is added to the user when the usage right is purchased or the discount amount of the usage right according to the point. And various information set by the service provider 3 as necessary.
[0147]
Here, when generating the price information, the service provider 3 can set all the purchaseable usage rights indicated by the corresponding handling policy as the purchaseable usage rights indicated by the price information, and the handling policy. The usage right arbitrarily selected from all the usage rights that can be purchased indicated by can be set as the purchaseable usage right indicated by the price information, and the usage rights defined by the content provider 2 can be selected.
[0148]
Further, in the price information of album content, a plurality of rules prescribe sales prices according to the album purchase mode. In addition, among the price information of multiple single contents stored in the price information of album content, the rule of price information of single content that can be sold as a single song defines the selling price of the single content that can be sold as the single song is doing.
[0149]
Accordingly, in the album content price information, the price information of the album and the sales price of the single content that can be sold as a single song can be recognized by the price information alone.
[0150]
Also, in the price information of album contents, since the signature is applied to the whole, the signature of the single content stored in the price information can be verified by simply verifying the signature. In addition to the price information of the album content, tampering checks and the like can be performed for the price information of each single content, and thus signature verification can be simplified.
[0151]
Incidentally, in the price information for singles and albums, it is possible to store the presence or absence of verification of signatures on the content, as in the handling policy described above with reference to FIGS. Further, although the price information of album contents stores price information of a plurality of single contents constituting the album, the price information of the plurality of single contents may not be stored.
[0152]
Furthermore, in the price information of single and album contents, the profit amount and the profit rate of the service provider may be collectively managed by the electronic distribution service center 1, and as shown in FIGS. You may comprise except an amount and a profit margin.
[0153]
FIG. 41 shows the data format of the license agreement information. The license agreement information is created based on the handling policy of the purchased content when the user purchases the content in the device in the user home network 5. The usage right content selected by the user from the usage right content indicated by the handling policy is shown.
[0154]
The data of the license agreement information includes the data type, the license agreement information type, the expiration date of the license agreement information, the content ID, the album ID, the encryption processing unit ID, the user ID, and the content provider ID. , Handling policy ID, handling policy version, service provider ID, price information ID, price information version, license agreement information ID, rule number assigned as a reference number to reproduction rights (usage rights), usage Right content number, remaining number of playbacks, expiration date of playback right, rule number assigned as reference number to copy right (use right), use right content number, remaining number of copies, generation management information, encryption holding replay right The ID of the processing unit is stored.
[0155]
In the license agreement information, the data type indicates that this data is the data of the license agreement information, and the type of license agreement information is the license agreement information of whether the license agreement information is single content or album content Is shown. The expiration date of the license agreement information indicates the usage period of the license agreement information by the date when the expiration date or the number of days from the reference date to the expiration date.
[0156]
An ID indicating the purchased single content is described in the content ID, and an ID indicating the album is described only in the album ID when the album is purchased. Actually, when the content is purchased as a single, an ID indicating the purchased single content is described only in the content ID, and when the content is purchased as an album, the album is added to the content ID. The IDs of all the single contents to be configured are described, and the ID indicating the purchased album is described in the album ID. Therefore, it can be easily determined whether the purchased content is a single or an album by looking at the ID of this album.
[0157]
The ID of the encryption processing unit indicates the encryption processing unit of the device in the user home network 5 that has purchased the content. The user ID indicates a plurality of users who share the device when a plurality of users share the device in the user home network 5 that purchased the content.
[0158]
The content provider ID indicates the ID of the content provider 2 that defines the handling policy used for creating the license agreement information, and the handling policy ID indicates the handling policy used for creating the license agreement information. Indicates. The version of the handling policy indicates revision information of the handling policy used to create the license agreement information. The service provider ID indicates the ID of the service provider 3 that created the price information used to create the license agreement condition information, and the price information ID indicates the price information used to create the license agreement information. . The version of the price information indicates revision information of the handling policy used for creating the license agreement information. Therefore, the content provider 2 or the service provider 3 that provided the content purchased by the user is determined by the content provider ID, the handling policy ID, the handling policy version, the service provider ID, the price information ID, and the price information version. It is made to get to know.
[0159]
The ID of the license agreement information is attached by the encryption processing unit of the device in the user home network 5 that purchased the content, and is used to identify the license agreement information. The rule number of the reproduction right indicates the reference number assigned to the reproduction right among the usage rights, and the rule number of the rule indicated by the corresponding handling policy and price information is used as it is. The usage right content indicates the content of the reproduction right described later. The remaining number of reproductions indicates the remaining number of reproductions of the number of reproductions set in advance with respect to the purchased content, and the expiration date of the reproduction right indicates the reproducible period for the purchased content by the date and time of expiration Yes.
[0160]
The rule number of the copy right indicates the reference number assigned to the copy right of the use right, and the rule number of the rule indicated by the corresponding handling policy and price information is used as it is. The usage right content indicates the content of a copy right to be described later. The remaining number of times of copying indicates the remaining number of times of copying out of the number of times of copying set in advance for the purchased content.
[0161]
Furthermore, the generation management information indicates the remaining number of times that the content can be purchased again when the content is purchased again. The ID of the encryption processing unit that holds the reproduction right indicates the encryption processing unit that currently holds the reproduction right, and the ID of the encryption processing unit that holds the reproduction right is changed when the transfer is managed.
[0162]
Incidentally, in the use permission condition information, an expiration date may be specified for the copy right, and when the expiration date is specified, the copyable period for the purchased content is indicated by the date and time when the expiration date or the like expires.
[0163]
FIG. 42 shows the billing information. The billing information is generated by the devices in the user home network 5 based on the handling policy and price information corresponding to the content when purchasing the content.
[0164]
The accounting information data includes data type, encryption processing unit ID, user ID, content ID, content provider ID, handling policy ID, handling policy version, service provider ID, price information ID, Version of price information, ID of license agreement information, rule number, profit amount and profit ratio of content provider 2, profit amount and profit ratio of service provider, generation management information, data size of transmission information set by content provider, The transmission information set by the content provider, the data size of the transmission information set by the service provider, the transmission information set by the service provider, and the supplier ID are stored.
[0165]
In the billing information, the type of data indicates that the data is billing information, and the ID of the encryption processing unit indicates the encryption processing unit of the device that generated the billing information by executing the content purchase process. The user ID indicates a plurality of users who share the device when a plurality of users share the device in the user home network 5 that purchased the content, and the content ID indicates the purchased content (single content Or album content).
[0166]
The content provider ID indicates the ID of the content provider 2 that defines the handling policy used for the purchase process (the content provider ID included in the handling policy), and the handling policy ID indicates the handling policy used for the purchase process. Indicates. The version of the handling policy indicates revision information of the handling policy used for the purchase process. The service provider ID indicates the ID of the service provider 3 that created the price information used for the purchase process (the service provider ID included in the price information), and the price information ID indicates the price information used for the purchase process. . The version of price information indicates revision information of price information used for purchase processing.
[0167]
The ID of the license agreement condition information indicates the ID of the license agreement condition information created at the time of purchase processing, and the rule number indicates the rule number assigned as the reference number to the purchased usage right. The profit amount and profit ratio of the content provider indicate the amount of dividends distributed to the content provider 2 by the purchase of content and the ratio to the sales, and the profit amount and profit ratio of the service provider are distributed to the service provider 3 by purchasing the content. The amount of dividends to be paid and the ratio to sales.
[0168]
Furthermore, the generation management information indicates the generation of the purchased content. In addition, the data size of the transmission information set by the content provider and the transmission information set by the content provider store the data size indicated by the handling policy used for the purchase process and the transmission information as they are, and are set by the service provider. The data size of the transmission information and the transmission information set by the service provider store the data size indicated by the price information used for the purchase process and the transmission information as they are. The supply source ID indicates the supply source device of the purchased content, and this ID is accumulated every time the content is repurchased.
[0169]
Incidentally, in the billing information, since the profit amount and profit rate of the content provider and the profit amount and profit rate of the service provider may be managed collectively by the electronic distribution service center 1, as shown in FIG. The profit amount and profit rate of the service provider and the profit amount and profit rate of the service provider may be excluded.
[0170]
FIG. 44 shows the contents of a purchase right that can be purchased. The use right is roughly divided into a reproduction right, a copy right, a right content change right, a repurchase right, an additional purchase right, and a management transfer right. .
[0171]
The playback rights include unlimited playback rights with no time limit and number of times limit, playback rights with a time limit that limits the playback period, playback rights with a limited time limit that limits the total playback time, and a frequency limit that limits the number of playbacks. There is a reproduction right. Copy rights include time limit, number limit, and copy management information without copy management information (eg, serial copy management: SCMS) Unrestricted copy right, limited number of copies but limited number of copies without copy management information and copy management Copy rights without information, copy rights with copy management information provided with copy management information although there is no time limit and number of times restrictions, number of times restricted with copy management information provided with copy management information and copy management There is a copy right with information. Incidentally, as copy rights, in addition to this, copy rights with a period restriction that restricts the duplicatable period (some with copy management information added and some without copy management information), and the accumulated copy time ( That is, there is a duplication right with an accumulated time restriction that restricts the accumulated time required to reproduce the copied content (some of which add copy management information and some do not add the copy management information).
[0172]
In addition, the rights change right is a right to change the contents of the usage right that has already been purchased as described above, and the repurchase right is also a separate right to use based on the rights purchased with other devices as described above. The right to purchase. The additional purchase right is the right to purchase another content of the album containing the content in addition to the already purchased content to make it into an album, and the management transfer right changes the holder by moving the purchased usage right It is a right.
[0173]
Next, a specific example of the usage right contents shown in FIG. 33 and the like will be described. Actually, as shown in FIG. 45 (A), as the data of unlimited reproduction rights, as shown in FIG. 45 (A), the effective period of the reproduction right is the date when the expiration date or the number of days from the reference date to the expiration date to the expiration date The expiration date information of the reproduction right indicated by, for example, is stored in the usage right content area. As shown in FIG. 45B, the reproduction right data with a limited period includes the date when the validity period of the reproduction right expires, or the number of days from the reference date to the expiration date to the expiration date. Is stored in the usage right content area.
[0174]
As shown in FIG. 45 (C), the reproduction right data with an accumulation time limit includes the date when the validity period of the reproduction right expires, or the number of days from the reference date of the validity period to the expiration date. The information on the expiration date of the reproduction right indicated by (2) and the information on the number of days and time indicating the limitation of the accumulated time that can be reproduced are stored in the area of the usage right content. As shown in FIG. 45D, the reproduction right data with the limited number of times includes the date when the validity period of the reproduction right expires, or the number of days from the date when the validity period starts to the date when it expires. The information on the expiration date of the reproduction right and the information on the number of times of reproduction indicating the number of times of reproduction can be stored in the usage right content area.
[0175]
In addition, as shown in FIG. 45 (E), as the data of unlimited copy rights without copy management information, as shown in FIG. 45 (E), the valid period of the copy right expires, or the date expires from the date that becomes the basis for the start of the valid period The information on the expiration date of the copy right indicated by the number of days until is stored in the area of the use right content. As shown in FIG. 45 (F), the copy right data with a limited number of times and no copy management information expires from the date when the valid time of the copy right expires or the date from which the valid period starts. Information on the expiration date of the copy right indicated by the number of days until the date and the information on the number of times of copy indicating the number of times that the copy right can be copied are stored in the usage right content area.
[0176]
As shown in FIG. 45G, the copy right information with copy management information includes the date when the valid period of the copy right expires, or the number of days from the date when the valid period starts to the date when it expires. The expiration date information of the copy right indicated by, for example, is stored in the usage right content area. As shown in FIG. 45 (H), the copy right data with copy limit information and copy right information includes the date when the valid period of the copy right expires, or the date when it expires from the date when the valid period starts. Information on the expiration date of the copy right indicated by the number of days until and the number of times of copy information indicating the number of times the copy right can be copied are stored in the area of the use right content.
[0177]
Furthermore, as shown in FIG. 45 (I), the right content change right data includes the date when the right content change right expires from the date when the right expires or the date from which the effective term starts. Information on the expiration date of the right to change the right content indicated by the number of days until the old rule number for searching for the right of use right before the change, and a new rule number for searching for the right of use right after the change It is stored in the area for the usage rights. By the way, there are multiple types of content for each usage right content, such as, for example, even if you view one playback right with a limited period, there are multiple types of playback rights with a limited period depending on the setting of that period To do. Accordingly, since it is difficult to manage the usage right content only with the usage right content number, in the right content changing right, the usage right content is managed by a rule number assigned to each of the plurality of contents for each usage right content.
[0178]
As shown in FIG. 45 (J), the data of the repurchase right includes the date when the valid period of the repurchase right expires, or the number of days from the date when the valid period starts to the date when it expires. Information on the expiration date of the re-purchase right indicated by, the old rule number for searching for the right of use right before re-purchase, the new rule number for searching for the right of use right after re-purchase, and the re-purchase The maximum distribution generation information indicated by the maximum number of times obtained is stored in the usage right content area.
[0179]
As the additional purchase right data, as shown in FIG. 45 (K), the validity period of the additional purchase right expires, or the number of days from the reference date to the expiration date to the expiration date Information on the expiration date of the additional purchase right indicated by, and the minimum possessed content number and the maximum retained content number indicating the single purchased content among the plurality of single contents constituting the album content are in the usage rights content area. Stored.
[0180]
As shown in FIG. 45 (L), the management movement right data includes the date when the validity period of the management movement right expires, or the number of days from the reference date of the validity period to the expiration date. Is stored in the usage right content area.
[0181]
Incidentally, as such use right contents, for example, when game data is divided into a plurality of contents, a content purchase right for purchasing these contents in a predetermined order may be defined. As shown in FIG. 45 (M), the content purchase right data includes the effective date of the content purchase right from the date when the expiration date is reached, or the date from which the expiration date starts to the date when the expiration date is reached. Information on the expiration date of the content purchase right indicated by the number of days, the ID of the content that has already been purchased, the old rule number for searching for the content of the usage right that has already been purchased, and the content of the usage right that has been newly purchased The new rule number for searching is stored in the usage right content area. By doing so, it is possible to allow a user to continuously purchase a game program or the like having a continuous story, or to upgrade the content (game) itself.
[0182]
FIG. 46 shows a single content data format. The single content data includes the data type, content type, content expiration date, content category, content ID, content provider ID, content The encryption method, the data length of the encrypted content, the encrypted content, the public key certificate, and the signature are stored.
[0183]
In this single content, the type of data indicates that the data is content data, and the type of content indicates that the content is single. The expiration date of the content indicates the distribution deadline of the content by the date when this time expires or the number of days from the reference date when the distribution is started to the date when the time expires. The content category indicates whether the content belongs to music data, program data, video data, or the like, and the content ID is for identifying the single content.
[0184]
The content provider ID indicates the ID of the content provider 2 that holds this single content. The content encryption method indicates an encryption method (for example, DES) used for encryption of the content. The signature is attached to the entire data from the type of data to the public key certificate excluding the signature from the single content data. The algorithm and parameters used when creating the signature and the key used for verifying the signature are included in the public key certificate.
[0185]
FIG. 47 shows the data format of the album content. The data of the album content includes the data type, content type, content expiration date, album ID, content provider ID, and number of single contents. , Single content address information, single content, public key certificate, and signature are stored.
[0186]
In this album content, the data type indicates that the data is content data, and the content type indicates that the content is an album. The expiration date of the content indicates the distribution deadline of the content by the date when this expiration expires or the number of days from the reference start date to the expiration date, and the album ID is used to identify the album content Is.
[0187]
The content provider ID indicates the ID of the content provider 2 that holds the album content. The number of single contents indicates the number of single contents constituting the album, the address information of the single contents indicates the storage position of the single contents constituting the album, and the single contents are actually stored at the position indicated by the address information. A plurality of single content data packets constituting the album. The signature is attached to the entire data from the data type to the public key certificate, excluding the signature from the album content data. The algorithm and parameters used when creating the signature and the key used for verifying the signature are included in the public key certificate.
[0188]
In addition, since the album contents are signed, the single contents stored in the album contents can be verified together with the album contents without verifying the signatures. The content can be checked for falsification, and signature verification can thus be simplified.
[0189]
FIG. 48 shows the data format of a single content key. The single content key data includes a data type, a key data type, a key expiration date, a content ID, a content provider ID, Key version, content key K_coEncryption method, encrypted content key K_co, Individual key K_iEncryption method, encrypted individual key K_i, Public key certificate and signature are stored.
[0190]
In the single content key data, the data type indicates that this data is key data, and the key data type indicates that the key data is for single content. The expiration date of the key is the key (content key K_coAnd individual key K_i) Is used by the expiration date or the number of days from the reference date when the key is used to the expiration date, and the content ID is the content key K_coIndicates single content to be encrypted. The content provider ID holds the content and the content key K_coID of the content provider 2 that generated
[0191]
The key version is a revised key (content key K_coAnd individual key K_i) Revision information. Content key K_coEncryption method is individual key K_iContent key K using_coIndicates the encryption method (for example, DES) when encrypting the encrypted content key K_coIs an individual key K depending on the encryption method._iContent key K encrypted using_coIndicates. Individual key K_iThe encryption method is delivery key K_dIndividual key K using_iIndicates the encryption method (for example, Triple-DES-CBC) when encrypting the encrypted private key K_iIs a delivery key K_dIndividual key K encrypted using_iIndicates. The signature is attached to the entire data type to public key certificate excluding the signature from the single content key data. The algorithm and parameters used when creating the signature and the key used for verifying the signature are included in the public key certificate.
[0192]
Where delivery key K_dAnd individual key K_iAre always integrated from the content provider 2 by the single content key data and delivered. In the single content key data, one signature is added to the entire key data. Accordingly, in the device that has received the key data for single content, the encrypted content key K_coAnd the encrypted individual key K_iThere is no need to verify the signature separately for each of the encrypted content keys K by verifying only one signature of the single content key data._coAnd the encrypted individual key K_iThus verifying the signature on the encrypted content key K._coAnd the encrypted individual key K_iThe signature verification for can be simplified.
[0193]
Incidentally, individual key K_iIs the individual key K_iContent key K using_coIs encrypted together with the ID of the content provider that encrypts. Actually, the individual key K together with the content provider ID is obtained by an encryption method called Triple Death CBC mode._iA method for encrypting will be described with reference to FIG. That is, in such an encryption method, a predetermined initial value and an individual key K_i(64bit) and then the delivery key K_dIs encrypted with the encryption method using Triple Death's CBC mode. As a result, the obtained 64-bit first value is concatenated with the content provider ID (64-bit), and then the delivery key K is again transmitted._dIs encrypted with the encryption method in the Triple Death CBC mode, thus obtaining the second value of 64 bits. In such an encryption method, 16-byte data obtained by concatenating the first value and the second value is an encrypted individual key K stored in the single content key data._i(In this case, the first value is the encrypted individual key K stored in the single content key data._iThe second value is the encrypted individual key K stored in the single content key data._i(It becomes 64bit data following the first value in the above).
[0194]
FIG. 50 shows key data for album content. The key data for album content includes data type, key data type, key expiration date, album ID, content provider ID, Key version, the number of key data for single content used when encrypting the single content constituting the album, address information indicating the storage location of the key data, and the key data packet stored at the location indicated by the address information , Public key certificate and signature are stored.
[0195]
In the key data for album content, the type of data indicates that this data is key data, and the type of key data indicates that the key data is for album content. The expiration date of the key is the key (content key K_co) Is used by the date when it expires, or by the number of days from the reference date when the key is used to the date when it expires, and the ID of the album is the content key K_coThe album content composed of single content to be encrypted is indicated by. The content provider ID indicates the ID of the content provider 2 that encrypts the album content.
[0196]
The key version is a revised key (content key K_co) Revision information. The signature is attached to the entire data type to public key certificate excluding the signature from the single content key data. The algorithm and parameters used when creating the signature and the key used for verifying the signature are included in the public key certificate.
[0197]
Then, in the album content key data, the signature of the plurality of single content key data stored in the key data for the album content can be obtained simply by verifying the signature by attaching the signature to the whole. Even without verifying each, it is possible to check tampering with the key data for the album content as well as the key data for each single content, and thus the verification of the signature can be simplified.
[0198]
FIG. 51 is a diagram for explaining the mutual authentication operation between the encryption processing unit 65 and the decompression unit 66 using DES, which is a common key encryption, with one common key. In FIG. 51, if A is an expansion unit 66 and B is a cryptographic processing unit 65, the cryptographic processing unit 65 is a 64-bit random number R._BAnd R_BAnd ID that is self ID_BIs transmitted to the decompression unit 66 via the host controller 62. Upon receiving this, the decompression unit 66 newly generates a 64-bit random number R._AAnd R_A, R_B, ID_BKey K in DES CBC mode_ABAnd is sent back to the encryption processing unit 65 via the host controller 62.
[0199]
The DES CBC mode is a method of performing exclusive OR operation on the previous output and input, and then performing encryption. In this example,
X = DES (K_AB, R_A+ IV) IV = initial value, +: exclusive OR
Y = DES (K_AB, R_B+ X)
Z = DES (K_AB, ID_B+ Y)
And the outputs are X, Y, and Z. In these equations, DES (K_AB, R_A+ IV) is the key K_ABData R using_AIndicates that + IV is encrypted with DES, and DES (K_AB, R_B+ X) is the key K_ABData R using_B+ X indicates that DES is encrypted with DES, and DES (K_AB, ID_B+ Y) is the key K_ABData ID using_B+ Y indicates that DES is encrypted with DES.
[0200]
Upon receiving this, the encryption processing unit 65 converts the received data into the key K_ABDecrypt with R_BAnd ID_BHowever, it is checked whether or not it matches that transmitted by the cryptographic processing unit 65. If the inspection passes, the extension unit 66 is authenticated as valid. Next, the session key (temporary key K_tempSK generated by random numbers)_ABAnd R_B, R_A, SK_ABKey K in DES CBC mode_ABAnd is transmitted to the decompression unit 66 via the host controller 62. Receiving this, the decompression unit 66 converts the received data into the key K._ABDecrypt with R_BAnd R_AIs in agreement with the one transmitted by the decompression unit 66. If this check is passed, the cryptographic processing unit 65 is authenticated as valid and the data SK_ABIs used as a session key for subsequent communications. Note that if an illegality or a mismatch is found during the inspection of received data, the processing is interrupted assuming that mutual authentication has failed.
[0201]
FIG. 52 shows a mutual authentication module 95 in the encryption processing unit 65 of the home server 51 and a mutual authentication (not shown) in the encryption processing unit 73 of the stationary device 52 using the elliptic curve encryption having a 160-bit length which is a public key encryption. It is a figure explaining operation | movement of the mutual authentication with a module. In FIG. 52, if A is the cryptographic processing unit 73 and B is the cryptographic processing unit 65, the cryptographic processing unit 65 is a 64-bit random number R._BIs transmitted to the stationary device 52 via the host controller 62 and the communication unit 61. Upon receiving this, the stationary device 52 newly adds a 64-bit random number R in the encryption processing unit 73._A, And a random number A smaller than characteristic p_KIs generated. And base point G is A_KDoubled point A_VR_A, R_B, A_V(X coordinate and Y coordinate) are concatenated (64 bits + 64 bits + 160 bits + 160 bits to become 448 bits), and the signature data A. Sig is generated. Note that the scalar multiplication of the base point is the same as the method described in the generation of the signature in FIG. The data connection is, for example, as follows. When the 16-bit data A and the 16-bit data B are concatenated, it means 32-bit data in which the upper 16-bit data is A and the lower 16-bit data is B. The generation of the signature is the same as the method described in the generation of the signature in FIG.
[0202]
Next, the encryption processing unit 73 performs R_A, R_B, A_VAnd signature data A. Sig is transferred to the host controller 72, and the host controller 72 adds a public key certificate (stored in the small-capacity storage unit 75) for the stationary device 52 and transmits it to the home server 51 via the communication unit 71. . Since the public key certificate has been described with reference to FIG. 32, its details are omitted. Receiving this, the home server 51 verifies the signature of the public key certificate of the stationary device 52 in the encryption processing unit 65. The verification of the signature is the same as the method described in the verification of the signature in FIG. Next, of the sent data, the random number R_BIs the same as that transmitted by the encryption processing unit 65, and if it is the same, the signature data A. Verify Sig. When the verification is successful, the cryptographic processing unit 65 authenticates the cryptographic processing unit 73. The signature verification is the same as the method described in the signature verification of FIG. The cryptographic processing unit 65 then generates a random number B smaller than the characteristic p._KAnd base point G to B_KDoubled point B_VR_B, R_A, B_V(X coordinate and Y coordinate) are concatenated, and the signature data B. Sig is generated. Finally, the cryptographic processor 65_B, R_A, B_VAnd signature data B. Sig is handed over to the host controller 62, and the host controller 62 adds a public key certificate (stored in the large capacity storage unit 68) for the home server 51 and transmits it to the stationary device 52 via the communication unit 61. .
[0203]
The stationary device 52 that has received this verifies the signature of the public key certificate of the home server 51 in the encryption processing unit 73. Next, of the sent data, the random number R_AIs the same as that transmitted by the cryptographic processing unit 73. Verify Sig. When the verification is successful, the cryptographic processing unit 73 authenticates the cryptographic processing unit 65.
[0204]
If both are successfully authenticated, the encryption processing unit 65 determines that B_KA_V(B_KIs a random number, but A_VIs a point on the elliptic curve, a scalar multiplication of the point on the elliptic curve is necessary), and the encryption processing unit 73 calculates A_KB_VAnd the lower 64 bits of the X coordinate of these points are stored in the session key (temporary key K_temp) For subsequent communications (when the common key encryption is a 64-bit key length common key encryption). Incidentally, the session key used for communication is not limited to the lower 64 bits of the X coordinate but may be the lower 64 bits of the Y coordinate. In secret communication after mutual authentication, the data is stored in the temporary key K_tempThe encrypted transmission data may be signed as well.
[0205]
If an illegality or a mismatch is found during signature verification or received data verification, the processing is interrupted assuming that mutual authentication has failed.
[0206]
FIG. 53 is a diagram for explaining the operation when a settlement-enabled device in the user home network 5 transmits billing information to the electronic distribution service center 1. A payment-enabled device in the user home network 5 searches for a target device to be subjected to proxy payment from the registration information, performs mutual authentication, and shares the billing information._temp(This key is different each time you perform mutual authentication) and send it encrypted (at this time, the data is signed). After processing for all devices, mutual authentication with the electronic distribution service center 1 is performed, all billing information is encrypted with the shared temporary key, signature data is attached to these, registration information, and handling policy as required The price information is transmitted to the electronic distribution service center 1 together with the price information. It should be noted that the billing information transmitted from the user home network 5 to the electronic distribution service center 1 includes information necessary for distributing the amount of money, such as the ID of the handling policy and the ID of the price information, so that the amount of information is large. Handling policy and price information do not necessarily need to be transmitted. The user management unit 18 receives this. The user management unit 18 verifies the signature data for the received billing information, registration information, handling policy, and price information. The verification of the signature is the same as the method described in FIG. Next, the user management unit 18 uses the temporary key K shared at the time of mutual authentication._tempThe billing information is decrypted and transmitted to the history data management unit 15 together with the handling policy and price information.
[0207]
Incidentally, in this embodiment, the data transmitted after mutual authentication is stored in the temporary key K as necessary._tempEncrypted with For example, content key K_coAnd delivery key K_dIf the contents are viewed, the data will be used illegally._tempIt is necessary to encrypt it so that it cannot be seen from the outside. On the other hand, even if the contents of the billing information and the license agreement information are seen, the data cannot be used illegally._tempHowever, if the amount of billing information is falsified or tampered so that the usage conditions of the license agreement information are relaxed, for example, damage to the parties involved in the exchange of the amount will occur. Therefore, falsification is prevented by sending the billing information and the license agreement information with a signature. However, the content key K_coAnd delivery key K_dA signature may also be attached when transmitting.
[0208]
Then, on the sending side, the temporary key K_tempA signature is generated with respect to the data encrypted in (1), and the data and signature are transmitted. On the receiving side, the data sent is the temporary key K_tempIf the data is not encrypted with, data is obtained by verifying the signature, or the data sent is the temporary key K_tempIf it is encrypted with a temporary key K after verifying the signature_tempThe data is obtained by decoding the data. In this embodiment, for data transmitted after mutual authentication, a signature and a temporary key K as necessary are obtained by the above method._tempMay be encrypted.
[0209]
The user management unit 18 sends the delivery key K from the key server 14._dReceived and shared temporary key K_tempEncrypt with, add signature data, create registration information from user registration database, temporary key K_tempThe delivery key K encrypted with_dThe signature data and the registration information are transmitted to the settlement capable device in the user home network 5. The registration information creation method is as described with reference to FIG. 8, and detailed description thereof is omitted here.
[0210]
When executing the settlement, the billing request unit 19 receives billing information, handling policy, and price information as needed from the history data management unit 15, calculates a bill amount for the user, and stores the billing information 20 Send to. The cashier 20 communicates with a bank or the like and executes a settlement process. At this time, if there is information such as the user's unpaid fee, the information is transmitted to the billing request unit 19 and the user management unit 18 in the form of a settlement report, reflected in the user registration database, and subsequent user registration processing, or Referenced during payment processing.
[0211]
Temporary key K_tempThe delivery key K encrypted with_dUpon receipt of the signature data and the registration information, the settlement-enabled device in the user home network 5 updates the stored registration information, checks the registration information, and verifies the signature data if registered. After, delivery key K_dTemporary key K_tempThe delivery key K decrypted with and stored in the storage module in the encryption processing unit_dIs updated, and the billing information in the storage module is deleted. Subsequently, the target device to be proxy-settled is searched from the registration information, the mutual authentication is performed for each device found by the search, and the delivery key K read from the storage module of the encryption processing unit_dTemporary key K that is different to the device found by searching_tempThe data is encrypted, and a signature is attached to each device and transmitted to each device together with registration information. The process ends when all the target devices to be proxy settlement are completed.
[0212]
The target device that has received these data checks the registration information and verifies the signature data in the same manner as the settlement-enabled device, and then the delivery key K_dTemporary key K_tempAnd the delivery key K in the storage module_dAnd delete billing information.
[0213]
In addition, for devices whose registration information registration item is “registration not possible”, the delivery key K is not charged._dNo update or deletion of billing information (contents of registration items may not be described, such as stoppage including use, stop of purchase process, normal state of process, etc.) ).
[0214]
FIG. 54 is a diagram for explaining the operation of profit distribution processing in the electronic distribution service center 1. The career data management unit 15 holds and manages the billing information transmitted from the user management unit 18, the handling policy, and the price information as necessary. The profit distribution unit 16 calculates the profits of the content provider 2, the service provider 3, and the electronic distribution service center 1 from the billing information transmitted from the history data management unit 15, if necessary, the handling policy and price information. The result is transmitted to the service provider management unit 11, the content provider management unit 12, and the cashing unit 20. The cashier 20 communicates with a bank or the like to make a payment. The service provider management unit 11 transmits the distribution information received from the profit distribution unit 16 to the service provider 2. The content provider management unit 12 transmits the distribution information received from the profit distribution unit 16 to the content provider 3.
[0215]
The auditing unit 21 receives the charging information, the handling policy, and the price information from the history data management unit 15 and audits whether there is a contradiction in the data. For example, it is audited whether the price in the billing information is consistent with the price information data, whether the distribution rate is consistent, etc., and whether the handling policy is consistent with the price information. Further, the processing of the auditing unit 21 includes a process of auditing the consistency between the amount received from the user home network 5 and the total amount of profits distributed or the amount sent to the service provider 3, and the equipment of the user home network 5 There is a process for auditing whether or not the data in the billing information supplied from the server includes, for example, a content provider ID that cannot exist, a service provider ID, an unimaginable share, a price, and the like.
[0216]
FIG. 55 is a diagram for explaining the operation of the electronic distribution service center 1 for transmitting the content usage record to JASRAC. The career data management unit 15 transmits billing information indicating the usage history of the content of the user to the copyright management unit 13 and the profit distribution unit 16. The profit distribution unit 16 calculates a billing amount and a payment amount for JASRAC from the billing information, and transmits the payment information to the cashing unit 20. The cashier 20 communicates with a bank or the like and executes a settlement process. The copyright management unit 13 transmits the usage record of the user's content to JASRAC.
[0217]
Next, processing of the EMD system will be described. FIG. 56 is a flowchart for explaining content distribution and playback processing in this system. In step S40, the content provider management unit 12 of the electronic distribution service center 1 assigns the individual key K to the content provider 2._i, Delivery key K_dIndividual key K encrypted with_iAnd the public key certificate of the content provider 2 is transmitted, and the content provider 2 receives the certificate. Details of the processing will be described later with reference to the flowchart of FIG. In step S41, the user operates a device in the user home network 5 (for example, the home server 51 in FIG. 15), and registers the device in the user home network 5 in the user management unit 18 of the electronic distribution service center 1. Details of this registration processing will be described later with reference to the flowchart of FIG. In step S42, the user management unit 18 of the electronic distribution service center 1 performs mutual authentication with the user home network 5 as described above with reference to FIG._dSend. The user home network 5 receives this key. Details of this processing will be described with reference to the flowchart of FIG.
[0218]
In step S43, the signature generation unit 38 of the content provider 2 generates a content provider secure container and transmits it to the service provider 3. Details of this processing will be described later with reference to the flowchart of FIG. In step S44, the signature generation unit 45 of the service provider 3 generates a service provider secure container and transmits it to the user home network 5 via the network 4. Details of this transmission processing will be described later with reference to the flowchart of FIG. In step S45, the purchase module 94 of the user home network 5 executes a purchase process. Details of the purchase process will be described later with reference to the flowchart of FIG. In step S <b> 46, the user plays the content on the device of the user home network 5. Details of the reproduction process will be described later with reference to the flowchart of FIG.
[0219]
FIG. 57 shows that the electronic distribution service center 1 corresponding to S40 in FIG._i, Delivery key K_dIndividual key K encrypted with_i4 is a flowchart for explaining details of processing for transmitting a public key certificate and receiving the content provider 2 by the content provider 2. In step S50, the mutual authentication unit 17 of the electronic distribution service center 1 performs mutual authentication with the mutual authentication unit 39 of the content provider 2. Since this mutual authentication process has been described with reference to FIG. 52, its details are omitted. When it is confirmed by the mutual authentication process that the content provider 2 is a valid provider, in step S51, the content provider 2 sends the individual key K transmitted from the content provider management unit 12 of the electronic distribution service center 1._i, Delivery key K_dIndividual key K encrypted with_iAnd receive a certificate. In step S52, the content provider 2 receives the received individual key K_iIs stored in the tamper-resistant memory 40A and the delivery key K_dIndividual key K encrypted with_iAnd the certificate are stored in the memory 40B.
[0220]
In this way, the content provider 2 sends the individual key K from the electronic distribution service center 1._i, Delivery key K_dIndividual key K encrypted with_iAnd receive a certificate. Similarly, in the example in which the process of the flowchart shown in FIG. 56 is performed, in addition to the content provider 2, the service provider 3 performs the same process as in FIG._i(Individual key K of content provider 2_iDelivery key K_dIndividual key K encrypted with_iAnd receive a certificate.
[0221]
Note that the memory 40A has an individual key K that the content provider 2 must keep secretly._iIt is desirable to use a tamper-resistant memory that does not allow data to be easily read by a third party, but there is no need for hardware restrictions (for example, a hard disk in a room where entry is controlled, password management, etc. PC hard disk etc.) Further, the memory 40B stores the delivery key K_dIndividual key K encrypted with_iSince the certificate of the content provider 2 is only stored, anything such as a normal storage device may be used (it is not necessary to keep it secret). Further, the memories 40A and 40B may be combined into one.
[0222]
FIG. 58 is a flowchart for explaining processing in which the home server 51 registers payment information in the user management unit 18 of the electronic distribution service center 1. In step S60, the home server 51 mutually authenticates the public key certificate stored in the large capacity storage unit 68 with the mutual authentication unit 17 of the electronic distribution service center 1 using the mutual authentication module 95 of the cryptographic processing unit 65. . Since this authentication process is the same as that described with reference to FIG. 52, the description is omitted here. In step S60, the certificate that the home server 51 transmits to the user management unit 18 of the electronic distribution service center 1 includes the data (public key certificate of the user device) shown in FIG.
[0223]
In step S61, the home server determines whether or not the registration of the personal payment information (such as the user's credit card number and the account number of the payment institution) is a new registration. Proceed to In step S <b> 62, the user inputs personal settlement information using the input unit 63. These data are stored in the encryption unit 112 by the temporary key K._tempAnd transmitted to the user management unit 18 of the electronic distribution service center 1 via the communication unit 61.
[0224]
In step S63, the user management unit 18 of the electronic distribution service center 1 extracts the device ID from the received certificate, and searches the user registration database shown in FIG. 7 based on the device ID. In step S64, the user management unit 18 of the electronic distribution service center 1 determines whether or not the device having the received ID can be registered, and determines that the device having the received ID can be registered. If YES in step S65, the flow advances to step S65 to determine whether the device having the received ID is newly registered. If it is determined in step S65 that the device having the received ID is newly registered, the process proceeds to step S66.
[0225]
In step S66, the user management unit 18 of the electronic distribution service center 1 newly issues a payment ID, decrypts the payment information encrypted with the temporary key, and sets the payment ID and the payment information as a device ID and a payment ID. The payment information (account number, credit card number, etc.), transaction stop information, etc. is registered in correspondence with the device ID, and the payment ID is registered in the user registration database. In step 67, registration information is created based on the data registered in the user registration database. Since this registration information has been described with reference to FIG. 8, its details are omitted.
[0226]
In step S <b> 68, the user management unit 18 of the electronic distribution service center 1 transmits the created registration information to the home server 51. In step S <b> 69, the host controller 62 of the home server 51 stores the received registration information in the large capacity storage unit 68.
[0227]
If it is determined in step S61 that the payment information registration is an update registration, the procedure proceeds to step S70, and the user inputs personal payment information using the input means 63. These data are stored in the encryption unit 112 by the temporary key K._tempIs transmitted to the user management unit 18 of the electronic distribution service center 1 through the communication unit 61 together with the registration information already issued at the time of payment registration.
[0228]
If it is determined in step S64 that the device having the received ID cannot be registered, the process proceeds to step S71, where the user management unit 18 of the electronic distribution service center 1 creates registration rejection registration information, and step S68. Proceed to
[0229]
If it is determined in step S65 that the device having the received ID is not newly registered, the procedure proceeds to step S72, and the user management unit 18 of the electronic distribution service center 1 sets the payment information encrypted with the temporary key. And is updated and registered in the settlement information registration database in correspondence with the device ID, and the process proceeds to step S67.
[0230]
In this way, the home server 51 is registered in the electronic distribution service center 1.
[0231]
FIG. 59 is a flowchart for describing processing for newly registering an ID of a device in registration information. The mutual authentication process in step S80 is the same as the process described with reference to FIG. Since step S81 is the same as step S63 in FIG. 58, the description thereof is omitted. Since step S82 is the same as step S64 of FIG. 58, its description is omitted. In step S83, the user management unit 18 of the electronic distribution service center 1 sets the registration item corresponding to the device ID in the user registration database to “registration” and registers the device ID. In step S84, the user management unit 18 of the electronic distribution service center 1 creates registration information as shown in FIG. 8 based on the user registration database. Since step S85 is the same as step S68 of FIG. 58, its description is omitted. Since step S86 is the same as step S69 of FIG. 58, its description is omitted.
[0232]
If it is determined in step S82 that the device having the received ID cannot be registered, the process proceeds to step S87, where the user management unit 18 of the electronic distribution service center 1 creates registration rejection registration information, and step S85 is performed. Proceed to
[0233]
In this way, the home server 51 is registered in the electronic distribution service center 1.
[0234]
FIG. 60 is a flowchart for explaining processing when additionally registering another device via an already registered device. Here, an example will be described in which the home server 51 is already registered, and the stationary device 52 is registered there. In step S <b> 90, the home server 51 performs mutual authentication with the stationary device 52. The mutual authentication process is the same as the process described with reference to FIG. In step S91, the home server 51 performs mutual authentication with the electronic distribution service center 1. In step S92, the home server 51 transmits to the electronic distribution service center 1 the registration information read from the large-capacity storage unit 68 and the certificate of the stationary device 52 obtained upon mutual authentication with the stationary device 52 in step S90. . Since step S93 is the same as step S81 in FIG. 59, its description is omitted. Since step S94 is the same as step S82 of FIG. 59, its description is omitted. Since step S95 is the same as step S83 in FIG. 59, its description is omitted. In step S <b> 96, the user management unit 18 of the electronic distribution service center 1 newly creates registration information in which information on the stationary device 52 is added to the registration information received from the home server 51. Since step S97 is the same as step S85 of FIG. 59, its description is omitted. Since step S98 is the same as step S86 of FIG. 59, its description is omitted.
[0235]
In step S99A, the home server 51 transmits the received registration information to the stationary device 52. In step S99B, the stationary device 52 stores the received registration information in the small capacity storage unit 75.
[0236]
If it is determined in step S94 that registration of the device having the received ID is impossible, the process proceeds to step S99, where the user management unit 18 of the electronic distribution service center 1 registers only the stationary device 52 as registration rejection ( Therefore, the home server 51 remains registered, and the process proceeds to step S97 (in step S91, the home server 51 has succeeded in mutual authentication with the electronic distribution service center 1). Is meant).
[0237]
Thus, the stationary device 52 is additionally registered in the electronic distribution service center 1 by the processing procedure shown in FIG.
[0238]
Here, the timing at which a registered device updates registration (updates registration information) will be described. FIG. 61 shows a processing procedure for determining whether or not to update the registered information based on various conditions. In step S600, the home server 51 determines that the delivery key K_dThen, a clock (not shown) and a determination unit (not shown) determine whether or not a predetermined period has elapsed since the registration information or billing information was raised. If a positive result is obtained here, this means that the distribution key K_dThis indicates that a certain period of time has elapsed since the registration information or billing information has been swung up. At this time, the home server 51 moves to step S607 and executes a registration information update process. This process will be described later with reference to FIG.
[0239]
On the other hand, if a negative result is obtained in step S600, this means that the distribution key K_dThis means that a certain period has not elapsed since the registration information or billing information has been raised, that is, the registration information update condition is not satisfied for the elapse of the period. At this time, the home server 51 proceeds to step S601. .
[0240]
In step S601, the home server 51 determines whether or not the number of purchases of the content has reached a specified number. If an affirmative result is obtained here, the home server 51 moves to step S607 and executes a registration information update process. On the other hand, if a negative result is obtained in step S601, this means that the registration information on the number of purchases of the content. This indicates that the update condition is not satisfied, and the home server 51 proceeds to the subsequent step S602.
[0241]
In step S602, the home server 51 determines whether or not the purchase amount of the content has reached a prescribed amount. If an affirmative result is obtained here, the home server 51 moves to step S607 and executes a registration information update process. On the other hand, if a negative result is obtained in step S602, this indicates that the purchase price of the content. By indicating that the registration information update condition is not satisfied, the home server 51 proceeds to step S603.
[0242]
In step S603, the home server 51 determines that the delivery key K_dIt is determined whether or not the expiration date of is expired. Delivery key K_dAs a method of determining whether or not the expiration date of the data has expired, the distribution key K of the distributed data can be used._dVersions of the distribution key K stored in the storage module 92_dOr any of the latest delivery keys K_dCheck if it is older than. If this comparison result does not match or the latest delivery key K_dIf the version is older than the delivery key K in the storage module 92_dThe home server 51 obtains an affirmative result in step S603, moves to step S607, and executes registration information update processing. On the other hand, if a negative result is obtained in step S603, this means that the distribution key K_dThis indicates that the registration information update condition is not satisfied with respect to the expiration date, and the home server 51 proceeds to step S604.
[0243]
In step S604, the home server 51 determines whether there is a change in the network configuration, such as whether or not another device has been newly connected to the home server 51 or whether or not the other device that has been connected has been disconnected. If an affirmative result is obtained here, this indicates that the network configuration has changed. At this time, the home server 51 moves to step S607 and executes a registration information update process. On the other hand, if a negative result is obtained in step S604, this indicates that the update condition of the registration information is not satisfied for the network configuration, and the home server 51 proceeds to subsequent step S605.
[0244]
In step S605, the home server 51 determines whether or not there is a registration information update request from the user. If there is a registration information update request, the home server 51 proceeds to step S607 to execute registration information update processing. If there is no update request, the process moves to step S606.
[0245]
In step S606, the home server 51 makes an update determination in the above-described steps S600 to S605 for the other connected devices, and when a determination result to be updated is obtained, the process proceeds to step S607 to perform registration information update processing. On the other hand, when the determination result to be updated is not obtained, the same processing is repeated from step S600 described above. Thereby, the home server 51 can obtain the timing for performing the update process of the registration information. Instead of the home server 51 checking the update start conditions of other devices, the other devices may independently check and issue a request to the home server 51 themselves.
[0246]
In FIG. 62, a registered device updates registration (updates registration information), performs a settlement process, and delivers a delivery key K_dIt is a flowchart explaining the operation | movement which receives redistribution. The mutual authentication process in step S100 is similar to the process described with reference to FIG. In step S101, the home server 51 uses the encryption unit 112 of the encryption processing unit 96 to store the billing information stored in the storage module 92 with the temporary key K._tempThe signature generation unit 114 generates a signature and adds the signature. Then, the encrypted billing information and its signature are combined with the handling policy, price information and registration information stored in the mass storage unit 68 and transmitted to the electronic distribution service center 1. At this time, the handling policy and price information need not be transmitted depending on the model. This is because the content provider 2 and the service provider 3 may have transmitted to the electronic distribution service center 1 in advance, or the billing information may include necessary information of handling policy and price information. is there.
[0247]
Since step S102 is the same as step S81 in FIG. 59, its description is omitted. Since step S103 is the same as step S82 of FIG. 59, its description is omitted. In step S104, the user management unit 18 of the electronic distribution service center 1 verifies the signature by the signature verification unit 115, and uses the received charging information as the temporary key K._temp(If the received data has an electronic signature, it is verified by the signature verification unit 115), and if received, it is transmitted to the history data management unit 15 together with the handling policy and price information. Upon receiving this, the history data management unit 15 stores and manages the received data.
[0248]
In step S105, the user management unit 18 of the electronic distribution service center 1 verifies the registration item corresponding to the device ID in the user registration database and updates the data. For example, it is data such as a registration date and a charging status (not shown). Since step S106 is the same as step S84 in FIG. 59, its description is omitted. In step S107, the user management unit of the electronic distribution service center 1 sends the delivery key K supplied from the key server 14._dTemporary key K_tempAnd is transmitted to the home server 51 together with the registration information.
[0249]
In step S <b> 108, the home server 51 stores the received registration information in the large-capacity storage unit 68. In step S109, the home server 51 inputs the received registration information to the encryption processing unit 65. The encryption processing unit 65 verifies the electronic signature included in the registration information by the signature verification unit 115, and the device of the home server 51. When it is confirmed that the ID is registered, the verification is successful, and the accounting process is completed, the process proceeds to step S110. In step S110, the home server 51 receives the received delivery key K._dIs input to the encryption processing unit 65. In the cryptographic processing unit 65, the received delivery key K_dIs temporarily stored in the decryption unit 111 of the encryption / decryption module 96._tempAnd is stored (updated) in the storage module 92, and the billing information held in the storage module 92 is erased (thereby is settled).
[0250]
If it is determined in step S103 that the registration of the device having the received ID is not possible, the process proceeds to step S111, where the user management unit 18 of the electronic distribution service center 1 creates registration information for which registration is rejected. Proceed to S112. In step S112, unlike the step S107, only the registration information is transmitted to the home server 51.
[0251]
In step S109, verification of the signature included in the registration information fails, or “registration” items included in the registration information (for example, charging processing failure → cannot be purchased, registration processing → encryption processing including processing such as rejection / reproduction) If the “Registration is OK” is not written in “Successful function stop, transaction suspension → billing process is successful, but purchase is stopped for some reason, etc.”, the process proceeds to step S113 and a predetermined error occurs. Process.
[0252]
As described above, the home server 51 updates the registration information and transmits the billing information to the electronic distribution service center 1._dReceive the supply.
[0253]
63 and 64, the stationary device 52 makes a payment via the home server 51, updates the registration information, and the delivery key K._dIt is the figure which showed the flowchart explaining the process which updates this. In step S120, the mutual authentication module 94 of the home server 51 and the mutual authentication module (not shown) of the stationary device perform mutual authentication. The mutual authentication process is the same as the process described with reference to FIG. As described in the mutual authentication process, since the home server 51 and the stationary device 52 exchange certificates with each other, it is assumed that the partner device ID is known. In step S <b> 121, the host controller 62 of the home server 51 reads the registration information from the large capacity storage unit 68 and causes the encryption processing unit 65 to inspect it. The cryptographic processing unit 65 that has received the registration information from the host controller 62 verifies the signature in the registration information, determines whether there is a stationary device ID, and if the registration information includes the stationary device ID, step S122. Proceed to
[0254]
In step S122, it is determined whether or not the ID of the stationary device 52 is registered in the registration information. If the ID of the stationary device 52 is registered, the process proceeds to step S123. In step S123, the encryption processing unit 73 of the stationary device 52 reads the billing information stored in the storage module and uses the encryption unit to store the temporary key K._tempEncrypt using. Also, a signature corresponding to the billing information is generated by the signature generation unit. Since the generation of the signature has been described with reference to FIG. Temporary key K_tempThe host controller 72 that has received the billing information encrypted in step 1 and its signature reads the handling policy and price information corresponding to the billing information from the small-capacity storage unit 75 as necessary, and stores the temporary key K_tempThe billing information encrypted with the signature and its signature, and if necessary, the handling policy and price information corresponding to the billing information are transmitted to the home server 51.
[0255]
The home server 51 that has received these data stores the handling policy and price information in the large-capacity storage unit 68 and receives the temporary key K if received._tempThe billing information encrypted in step 1 and its signature are input to the cryptographic processing unit 65. Temporary key K_tempThe encryption processing unit 65 that has received the billing information encrypted by the signature and the signature thereof is the temporary key K in the signature verification unit 115 of the encryption / decryption module 96._tempVerifies the signature on the billing information encrypted in. Since the verification of the signature is the same as the processing described with reference to FIG. 11, its details are omitted. The decryption unit 111 of the encryption / decryption module 96 then receives the temporary key K_tempThe billing information encrypted with is decrypted.
[0256]
  In step S124, the home server 51 performs mutual authentication with the mutual authentication unit 17 of the electronic distribution service center 1 and performs temporary key K._tempShare 2 In step S125, the home server 51 is sent from the stationary device 52.TheThe billing information is sent to the temporary key K by the encryption unit 112 of the encryption / decryption module 96._temp2 for encryption. At this time, the billing information of the home server 51 may be encrypted together. Temporary key K_tempThe signature corresponding to the charging information encrypted in 2 is generated by the signature generation unit 114 of the encryption / decryption module 96. Temporary key K_tempThe host controller 62 that has received the billing information encrypted in step 2 and its signature reads the handling policy, price information, and registration information corresponding to the billing information from the large-capacity storage unit 68 as necessary, and stores the temporary key K_temp2, the billing information encrypted in step 2, its signature, and, if necessary, the handling policy corresponding to the billing information, price information, and registration information are transmitted to the user management unit 18 of the electronic distribution service center 1.
[0257]
In step S126, the user management unit 18 of the electronic distribution service center 1 searches the user registration database. In step S127, it is determined whether the home server 51 and the stationary device 52 are registered in the “registration” item in the user registration database so that they can be registered. If it is determined that they are registered, the process proceeds to step S128. move on. In step S128, the user management unit 18 of the electronic distribution service center 1 uses the temporary key K._temp2 verifies the signature on the billing information encrypted in step 2, and stores the billing information in the temporary key K_temp2 for decryption. Then, the accounting information and, if received, the handling policy and price information are transmitted to the history data management unit 15. The history data management unit 15 that has received the billing information and the handling policy and price information, if received, manages and stores the data.
[0258]
In step S129, the user management unit 18 of the electronic distribution service center 1 updates the user registration database (billing data reception date and time, registration information issue date and time, delivery key issuance date and time, etc., not shown). In step S130, the user management unit 18 of the electronic distribution service center 1 creates registration information (for example, the example of FIG. 8). In step S131, the user management unit 18 of the electronic distribution service center 1 receives the distribution key K received from the key server 14 of the electronic distribution service center 1._dTemporary key K_temp2 encrypted, temporary key K_tempDelivery key K encrypted in 2._dGenerate a signature for. And registration information, temporary key K_tempDelivery key K encrypted in 2._dAnd temporary key K_tempDelivery key K encrypted in 2._dIs sent to the home server 51.
[0259]
  In step S132, the home server 51 determines the registration information, temporary key K_tempDelivery key K encrypted in 2._dAnd temporary key K_tempDelivery key K encrypted in 2._dReceive a signature for. The host controller 62 of the home server 51 has a temporary key K_tempDelivery key K encrypted in 2._dAnd temporary key K_tempDelivery key K encrypted in 2._dIs input to the cryptographic processing unit 65. In the encryption processing unit 65, the signature verification unit 115 of the encryption / decryption module 96 receives the temporary key K_tempDelivery key K encrypted in 2._dThe decryption unit 111 of the encryption / decryption module 96 verifies the signature for the temporary key K_temp2 using the delivery key K_dAnd the encryption unit 112 of the encryption / decryption module 96 sends the decrypted delivery key K_dIs a temporary key K shared with the stationary device 52_tempRe-encrypt using. Finally, the signature generation unit 114 of the encryption / decryption module 96 receives the temporary key K_tempThe delivery key K encrypted using_dGenerate a signature corresponding to the temporary key K_tempThe delivery key K encrypted with_dAnd temporary key K_tempThe delivery key K encrypted with_dIs returned to the host controller 62. Temporary key K_tempThe delivery key K encrypted with_dAnd temporary key K_tempThe delivery key K encrypted with_dThe host controller 62 that has received the signature for is sent from the electronic distribution service center 1.EnemyThe registration information is transmitted to the stationary device 52 together with the registered information.
[0260]
In step S <b> 133, the host controller 72 of the stationary device 52 overwrites and saves the received registration information in the small capacity storage unit 75. In step S134, the encryption processing unit 73 of the stationary device 52 verifies the signature of the received registration information, determines whether the item for the “registration” of the ID of the stationary device 52 is “registration possible”, If “registration is possible”, the process proceeds to step S135. In step S135, the host controller of the stationary device 52 receives the temporary key K._tempThe delivery key K encrypted with_dAnd temporary key K_tempThe delivery key K encrypted with_dA signature is input to the cryptographic processing unit 73. The encryption processing unit 73 uses the temporary key K_tempThe delivery key K encrypted with_dVerifies the signature for, temporary key K_tempUsing delivery key K_dAnd the delivery key K in the storage module of the encryption processing unit 73 is decrypted._dAnd the billing information is erased (in some cases, it is not actually erased but only a mark that has been settled is added).
[0261]
If it is determined in step S121 that the ID of the stationary device 52 is not included in the registration information, the process proceeds to step S136, the registration information addition process described with reference to FIG. 60 is started, and the process proceeds to step S123.
[0262]
If it is determined in step S127 that the ID of the home server 51 or the ID of the stationary device 52 is not “registrable” for the “registration” item in the user registration database, the process proceeds to step S137. Since step S137 is the same as that in step S130, its details are omitted. In step S138, in step S131, the user management unit 18 of the electronic distribution service center 1 transmits registration information to the home server 51. In step S139, the home server 51 transmits registration information to the stationary device 52.
[0263]
If the “registration” item for the ID of the stationary device 52 in the registration information is not “registerable” in step S122, the “registration” item for the ID of the stationary device 52 in the registration information is “ If it is not “Registerable”, the process ends.
[0264]
The proxy processing according to this method is processing for only the stationary device 52, but all the accounting information of all devices connected to the home server 51 and the home server 51 itself may be collected and processed collectively. And registration information of all devices, delivery key K_d(In this embodiment, the received registration information, delivery key K_dAre not checked at all by the home server 51. If the processing of the home server 51 itself is also performed at once, it should be checked and updated as a matter of course).
[0265]
Next, a process in which the content provider 2 transmits a content provider secure container to the service provider 3 corresponding to step S43 in FIG. 56 will be described with reference to the flowchart in FIG. In step S140, the digital watermark adding unit 32 of the content provider 2 inserts predetermined data indicating the content provider 2, such as a content provider ID, into the content read from the content server 31 in the form of a digital watermark, and the compression unit 33. To supply. In step S <b> 141, the compression unit 33 of the content provider 2 compresses the content with the digital watermark inserted by a predetermined method such as ATRAC and supplies the compressed content to the content encryption unit 34. In step S142, the content key generation unit 35 selects the content key K._coAre generated and supplied to the content encryption unit 34 and the content key encryption unit 36. In step S143, the content encryption unit 34 of the content provider 2 uses a predetermined method such as DES and the content key K_coIs used to encrypt the compressed content with the watermark inserted.
[0266]
In step S144, the content key encryption unit 36 uses an individual key K supplied from the electronic distribution service center 1 by a process of step S40 in FIG. 56 by a predetermined method such as DES._iContent key K_coIs encrypted. In step S145, the handling policy generation unit 37 defines a handling policy for content, and generates a handling policy as shown in FIG. 33 or FIG. In step S146, the signature generation unit 38 of the content provider 2 determines the encrypted content, the encrypted content key K_co, Encrypted individual key K_iA signature is generated for the handling policy supplied from the handling policy generation unit 37. Since the generation of the signature is the same as that described with reference to FIG. 10, the description thereof is omitted here. In step S147, the content provider 2 determines whether the encrypted content and its signature, the encrypted content key K_coAnd its signature, encrypted individual key K_iThe signature, the handling policy and the signature (hereinafter, these four signed data are referred to as a content provider secure container), and the certificate of the content provider 2 received from the certificate authority in advance using a transmission unit (not shown). Send to service provider 3.
[0267]
As described above, the content provider 2 transmits the content provider secure container to the service provider 3.
[0268]
Next, a process in which the service provider 3 transmits the service provider secure container to the home server 51 corresponding to step S44 in FIG. 56 will be described with reference to the flowchart in FIG. The service provider 3 will be described assuming that the data transmitted from the content provider 2 is stored in the content server 41 in advance. In step S150, the certificate verification unit 42 of the service provider 3 reads the signature of the content provider 2 certificate from the content server 41, and verifies the signature in the certificate. Since the verification of the signature is the same as the method described with reference to FIG. 11, its details are omitted. If the certificate has not been tampered with, the public key K of the content provider 2_pcpTake out.
[0269]
In step S151, the signature verification unit 43 of the service provider 3 uses the content provider secure container signature transmitted from the transmission unit of the content provider 2 as the public key K of the content provider 2._pcp(Only the signature of the handling policy may be verified). If signature verification fails and tampering is found, the process ends. The verification of the signature is the same as the method described with reference to FIG.
[0270]
When there is no falsification in the content provider secure container, in step S152, the pricing unit 44 of the service provider 3 creates the price information described in FIG. 37 and FIG. 38 based on the handling policy. In step S153, the signature generation unit 45 of the service provider 3 generates a signature for the price information, and creates a service provider secure container by combining the content provider secure container, the price information, and the price information signature.
[0271]
In step S154, the transmission unit (not shown) of the service provider 3 transmits the certificate of the service provider 3, the certificate of the content provider 2, and the service provider secure container to the communication unit 61 of the home server 51, and ends the processing. .
[0272]
As described above, the service provider 3 transmits the service provider secure container to the home server 51.
[0273]
Details of purchase processing of the home server 51 after receiving an appropriate service provider secure container corresponding to step S45 of FIG. 56 will be described using the flowchart of FIG. In step S161, the home server 51 executes the registration information update process described above with reference to FIGS. 61 and 62, and in step S162, the host controller 62 of the home server 51 reads out from the large-capacity storage unit 68 of the home server 51. The registration information is input to the encryption processing unit 65 of the home server 51. The encryption processing unit 65 that has received the registration information verifies the signature of the registration information by the signature verification unit 115 of the encryption / decryption module 96, and then sets the item “purchase process” for the ID of the home server 51 to “purchasable”. In addition, it is checked whether the registration item is “Registerable”, and if it is “Purchasable” and “Registerable”, the process proceeds to Step S163. The verification of signature verification, “registration is possible”, and “purchase is possible” may be performed by the registration information inspection module 93. In step S 163, the host controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51.
[0274]
The cryptographic processing unit 65 that has received the public key certificate of the content provider 2 verifies the signature of the content provider 2 by the signature verification unit 115 of the encryption / decryption module 96, and then uses the content provider 2 from the public key certificate. Take out the public key. As a result of the signature verification, if it is confirmed that no falsification has been made, the process proceeds to step S164. In step S 164, the host controller 62 of the home server 51 inputs the content read from the large capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The encryption processing unit 65 that has received the content verifies the signature of the content by the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the content has not been tampered with, the process proceeds to step S165. In step S165, the host controller 62 of the home server 51 reads the content key K read from the mass storage unit 68 of the home server 51._coIs input to the encryption processing unit 65 of the home server 51.
[0275]
Content key K_coIs received by the signature verification unit 115 of the encryption / decryption module 96._coIf it is confirmed that no falsification has been made, the process proceeds to step S166. In step S166, the host controller 62 of the home server 51 reads the individual key K read from the mass storage unit 68 of the home server 51._iIs input to the encryption processing unit 65 of the home server 51. Individual key K_iThe encryption processor 65 receives the individual key K in the signature verification unit 115 of the encryption / decryption module 96._iIf it is confirmed that no falsification has been made, the process proceeds to step S167.
[0276]
In step S 167, the host controller 62 of the home server 51 inputs the handling policy read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the handling policy verifies the signature of the handling policy in the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that no falsification has been made, the process proceeds to step S168. In step S 168, the host controller 62 of the home server 51 inputs the public key certificate of the service provider 3 read from the large capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51.
[0277]
The cryptographic processing unit 65 that has received the public key certificate of the service provider 3 verifies the signature of the service provider 3 by the signature verification unit 115 of the encryption / decryption module 96, and then uses the public key certificate to determine the service provider 3. Take out the public key. As a result of the signature verification, if it is confirmed that no falsification has been made, the process proceeds to step S169. In step S <b> 169, the host controller 62 of the home server 51 inputs the price information read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the price information verifies the signature of the price information by the signature verification unit 115 of the encryption / decryption module 96. If it is confirmed that the price information has not been tampered with, the processing proceeds to step S170.
[0278]
In step S <b> 170, the host controller 62 of the home server 51 uses the display unit 64 to display information on the content that can be purchased (for example, a purchase mode and price that can be purchased), and the user purchases using the input unit 63. Select an item. The signal input from the input means 63 is transmitted to the host controller 62 of the home server 51. The host controller 62 generates a purchase command based on the signal and inputs the purchase command to the encryption processing unit 65 of the home server 51. . Note that these input processes may be performed at the start of the purchase process. Receiving this, the cryptographic processing unit 65 generates billing information and use permission condition information from the handling policy input in step S167 and the price information input in step S169. The accounting information has been described with reference to FIG. Since the use permission condition information has been described with reference to FIG. 41, the details thereof are omitted.
[0279]
In step S171, the control unit 91 of the encryption processing unit 65 stores the charging information generated in step S170 in the storage module 92. In step S172, the control unit 91 of the cryptographic processing unit 65 transmits the use permission condition information generated in step S170 to the external memory control unit 97 of the cryptographic processing unit 65. The external memory control unit 97 that has received the use permission condition information performs a tampering check of the external memory 67 and then writes the use permission condition information to the external memory 67. The tampering check at the time of writing will be described later with reference to FIG. In step S173, the control unit 91 of the encryption processing unit 65 performs the individual key K input in step S166._iThe delivery key K supplied from the storage module 92 by the decryption unit 111 of the encryption / decryption module 96_dDecrypt using. Next, the control unit 91 of the encryption processing unit 65 determines the content key K input in step S165._coIs decrypted by the decryption unit 111 of the encryption / decryption module 96._iDecrypt using. Finally, the control unit 91 of the encryption processing unit 65 is the encryption key 112 of the encryption / decryption module 96 and the storage key K supplied from the storage module 92._saveContent key K using_coIs encrypted. In step S174, the storage key K_saveEncrypted content key K_coIs stored in the external memory 67 via the external memory control unit 97 of the encryption processing unit 65.
[0280]
If it is determined in step S162 that the home server 51 is a device that cannot be purchased, or if it is determined in step S163 that the signature of the public key certificate of the content provider 2 is not correct, or the content key K is determined in step S164._coIf it is determined that the signature of the content encrypted at step S165 is incorrect, or at step S165, the individual key K_iEncrypted content key K_coOr when the delivery key K is determined to be incorrect in step S166._dIndividual key K encrypted with_iIf it is determined that the signature of the service policy is not correct in step S167, or if the signature of the service provider 3 certificate is determined to be incorrect in step S168, or If it is determined in step S169 that the price information signature is not correct, the home server 51 proceeds to step S176 and performs error processing. Note that the processing of step S165 and step S166 is summarized into a content key K_co, Individual key K_iA unique signature for may be verified.
[0281]
As described above, the home server 51 stores the billing information in the storage module 92 and the content key K._coIndividual key K_iAfter decrypting with the content key K_coSave key K_saveIs encrypted and stored in the external memory 67.
[0282]
The stationary device 52 also stores the billing information in the storage module of the encryption processing unit 73 and performs the content key K by the same process._coIndividual key K_iDecrypted with content key K_coSave key K_save2 (different from the key of the home server 51) and stored in the external memory 79.
[0283]
FIG. 68 is a flowchart for explaining a tampering check method performed when the external memory control unit 97 of the encryption processing unit 65 reads data from the external memory 67. In step S180 of FIG. 68, the external memory control unit 97 of the encryption processing unit 65 searches for the location of data to be read from the external memory 67 (for example, the first data in the block of FIG. 16). In step S181, the external memory control unit 97 of the cryptographic processing unit 65 calculates a hash value for all data in the same block including the read-scheduled data in the external memory 67 (the hash value of the entire first block in FIG. 16). . At this time, data other than data scheduled to be read (for example, content key 1 and use permission condition information 1) are discarded after being used for hash value calculation. In step S182, the hash value (ICV) stored in the storage module 92 of the cryptographic processing unit 65 and the hash value calculated in step S181.₁ ). If they match, the data read in step S181 is transmitted to the control unit 91 via the external memory control unit 97. If they do not match, the external memory control unit 97 moves to S183, and the memory Assuming that the block has been tampered with, subsequent read / write is prohibited (defective block). For example, when the external memory is a 4 MB flash memory, it is assumed that this memory is divided into 64 blocks. Therefore, 64 hash values are stored in the storage module. When reading data, first, a place where the data exists is searched, and hash values for all data in the same block including the data are calculated. Tampering is checked based on whether or not this hash value matches the hash value corresponding to the lock in the storage module (see FIG. 16).
[0284]
As described above, the external memory control unit 97 of the encryption processing unit 65 performs the tampering check of the external memory 67 and reads the data.
[0285]
FIG. 69 is a flowchart for explaining a tampering check method performed when the external memory control unit 97 of the encryption processing unit 65 writes data to the external memory 67. In step S190A of FIG. 69, the external memory control unit 97 of the encryption processing unit 65 searches for a place where data can be written in the external memory 67. In step S191A, the external memory control unit 97 of the encryption processing unit 65 determines whether there is a free area in the external memory 67. If it is determined that there is a free area, the process proceeds to step S192A. In step S192A, the external memory control unit 97 of the encryption processing unit 65 calculates hash values for all the data in the write-scheduled data block. In step S193A, the hash value calculated in step S192A is compared with the hash value stored in the storage module 92 of the cryptographic processing unit 65. If they match, the process proceeds to step S194A. In step S194A, data is written in the write scheduled area. In step S195A, the external memory control unit 97 of the encryption processing unit 65 recalculates hash values for all data in the written data block. In step S196A, the control unit 91 updates the hash value in the storage module 92 of the cryptographic processing unit 65 with the hash value calculated in step S195A.
[0286]
In step S193A, when the calculated hash value is different from the hash value in the storage module 92, the control unit 91 sets the memory block as a bad block (for example, changes the hash value to a value indicating the bad block). Proceed to step S190A.
[0287]
If it is determined in step S191A that there is no free area in the external memory 67, the process proceeds to step S198A. In step S198A, the external memory control unit 97 returns a write error to the control unit 91, and ends the process.
[0288]
As shown in FIG. 70, the external memory control unit 97 rewrites (updates) the external memory 67 as shown in FIG. 70. In step S190B, the external memory control unit 97 of the encryption processing unit 65 searches for a place to rewrite data in the external memory 67. To do. In step S192B, the external memory control unit 97 of the encryption processing unit 65 calculates hash values for all the data in the data block to be rewritten. In step S193B, the hash value calculated in step S192B is compared with the hash value stored in the storage module 92 of the cryptographic processing unit 65. If they match, the process proceeds to step S194B. In step S194B, the data in the rewrite scheduled area is rewritten. In step S195B, the external memory control unit 97 of the encryption processing unit 65 recalculates hash values for all data in the written data block. In step S196B, the control unit 91 updates the hash value in the storage module 92 of the cryptographic processing unit 65 with the hash value calculated in step S195B.
[0289]
In step S193B, when the calculated hash value is different from the hash value in the storage module 92, the control unit 91 sets the memory block as a bad block (for example, changes the hash value to a value indicating the bad block). Rewrite failure.
[0290]
A method for deleting data in the external memory 79 will be described with reference to FIG. In step S190C, the external memory control unit of the cryptographic processing unit 73 searches for a place to delete the data in the external memory 79. In step S192C, the external memory control unit of the cryptographic processing unit 73 calculates hash values for all data in the data deletion scheduled data block. In step S193C, the hash value calculated in step S192C is compared with the hash value stored in the storage module (not shown) of the cryptographic processing unit 73. If they match, the process proceeds to step S194C. In step S194C, the data scheduled to be deleted in the deletion scheduled area is deleted. In step S195C, the external memory control unit of the cryptographic processing unit 73 recalculates the hash values for all the data in the data block from which the data to be deleted is deleted. In step S196C, the cryptographic processing unit 73 updates the hash value in the storage module with the hash value calculated in step S195C.
[0291]
In step S193C, if the calculated hash value is different from the hash value in the storage module, the cryptographic processing unit 73 sets the memory block as a bad block (for example, changes the hash value to a value indicating the bad block). , Erasure failure.
[0292]
Details of the processing for reproducing content by the home server 51 corresponding to step S46 in FIG. 56 will be described with reference to the flowcharts in FIGS. In step S <b> 200, the host controller 62 of the home server 51 inputs an ID corresponding to the content instructed to be played from the input unit 63 of the home server 51 to the encryption processing unit 65 of the home server 51. In step S201, the control unit 91 of the encryption processing unit 65 that has received the content ID to be reproduced transmits the content ID to the external memory control unit 97 of the encryption processing unit 65, and the content key K corresponding to the content ID._coAnd search for license agreement information. At this time, it is confirmed that the use permission condition information is a reproducible right. In step S202, the external memory control unit 97 of the encryption processing unit 65 determines the content key K_coAnd the hash value of the data block including the use permission condition information is calculated and transmitted to the control unit 91 of the encryption processing unit 65. In step S203, the control unit 91 of the cryptographic processing unit 65 determines whether or not the hash value stored in the storage module 92 of the cryptographic processing unit 65 matches the hash value received in step S202. If YES, go to step S204.
[0293]
In step S204, the control unit 91 of the encryption processing unit 65 updates the use permission condition information as necessary. For example, when the usage right in the use permission condition information is a coupon ticket, the number of times is subtracted. Accordingly, it is not necessary to update the right to buy out that need not be updated, and in this case, the process jumps to step S208 (not shown). In step S <b> 205, the external memory control unit 97 rewrites and updates the updated use permission condition information transmitted from the control unit 91 to the external memory 67. In step S <b> 206, the external control unit 97 recalculates hash values for all data in the rewritten data block and transmits the hash values to the control unit 91 of the encryption processing unit 65. In step S207, the control unit 91 of the cryptographic processing unit 65 rewrites the hash value stored in the storage module 92 of the cryptographic processing unit 65 with the hash value calculated in step S206.
[0294]
In step S208, the cryptographic processing unit 65 and the decompressing unit 66 perform mutual authentication, and the temporary key K_tempShare The mutual authentication process has been described with reference to FIG. In step S209, the decryption unit 111 of the encryption / decryption module 96 reads the content key K read from the external memory 97._coAre stored keys K supplied from the storage module 92._saveDecrypt with. In step S210, the encryption unit 112 of the encryption / decryption module 96 recognizes the temporary key K shared with the decompression unit 66 earlier._tempContent key K_coRe-encrypt. In step S211, the control unit 91 of the cryptographic processing unit 65 passes the temporary key K via the host controller 62._tempEncrypted content key K_coIs transmitted to the decompression unit 66.
[0295]
In step S 212, the key decryption module 102 of the decompression unit 66 determines the temporary key K supplied from the mutual authentication module 101._tempContent key K_coIs decrypted. In step S 213, the host controller 62 reads the content from the large capacity storage unit 68 and supplies it to the decompression unit 66. The decryption module 103 of the decompression unit 66 that has received the content receives the content key K supplied from the key decryption module 102._coIs used to decrypt the content. In step S214, the decompression module 104 of the decompression unit 66 decompresses the content by a predetermined method such as ATRAC. In step S215, the digital watermark adding module 105 inserts the data instructed from the cryptographic processing unit 65 into the content in the form of a digital watermark (the data passed from the cryptographic processing unit to the decompressing unit is the content key K_coAs well as playback conditions (analog output, digital output, output with copy control signal (SCMS)), the device ID that purchased the content usage right, and the like. The data to be inserted is the ID of the device that purchased this content usage right (that is, the device ID in the license agreement information). In step S216, the decompression unit 66 plays music via a speaker (not shown).
[0296]
Thus, the home server 51 reproduces the content.
[0297]
FIG. 74 is a flowchart for explaining the details of processing in which the home server 51 performs proxy purchase of content usage rights for the stationary device 52. In step S220, the home server 51 and the stationary device 52 perform mutual authentication. The mutual authentication process is the same as the process described with reference to FIG. In step S <b> 221, the host controller 62 of the home server 51 causes the encryption processing unit 65 of the home server 51 to check the registration information read from the mass storage unit 68 of the home server 51. The encryption processing unit 65 that has received the registration information from the host controller 62 has supplied the signature added to the registration information from the storage module 92 of the encryption processing unit 65 to the signature verification unit 115 of the encryption / decryption module 96. Verification is performed using the public key of the electronic distribution service center 1. After successfully verifying the signature, the control unit 91 of the cryptographic processing unit 65 registers the ID of the stationary device in the registration information, and the items “Register” and “Purchase” become “Registerable” and “Purchase”. If it is determined that “registration is possible”, the process proceeds to step S222 (the registration information is also checked on the stationary device 52 side, and the home server 51 is “registration is possible”). Is determined). Steps S225 to S227 are the same as steps S160 to S171 in FIG.
[0298]
In step S228, the control unit 91 of the encryption processing unit 65 determines the delivery key K input in step S225._dIndividual key K encrypted with_iThe delivery key K supplied from the storage module 92 by the decryption unit 111 of the encryption / decryption module 96_dDecrypt using. Next, the control unit 91 of the encryption processing unit 65 performs the individual key K input in step S225._iEncrypted content key K_coIn the decryption unit 111 of the encryption / decryption module 96._iDecrypt using. Then, the control unit 91 of the encryption processing unit 65 uses the encryption unit 112 of the encryption / decryption module 96 to store the temporary key K shared with the stationary device 52 during the mutual authentication in step S220._tempContent key K using_coRe-encrypt. In step S229, the control unit 91 of the encryption processing unit 65 performs the temporary key K_tempEncrypted content key K_coThen, a signature is generated using the signature generation unit 114 of the encryption / decryption module 96 for the use permission condition information generated in step S226, and is transmitted to the host controller 62. Temporary key K_tempEncrypted content key K_coThe host controller 62 of the home server 51 that has received the license agreement information and the signatures thereof receives the content key K from the mass storage unit 68._coRead the content encrypted with (including the signature, the same applies below) and use the temporary key K_tempEncrypted content key K_co, License agreement information, their signature and content key K_coThe encrypted content is transmitted to the stationary device 52.
[0299]
In step S230, the temporary key K_tempEncrypted content key K_co, License agreement information, their signature and content key K_coThe stationary device 52 that has received the content encrypted with the content key K verifies the signature and_coThe content encrypted in step S3 is output to the recording / playback unit 76 of the stationary device 52. Content key K_coThe recording / reproducing unit 76 of the stationary device 52 that has received the content encrypted with the content key K_coThe content encrypted in the above is stored in the recording medium 80.
[0300]
In step S231, the encryption processing unit 73 of the stationary device 52 performs the temporary key K_tempEncrypted content key K_coIs a temporary key K shared with the home server 51 at the time of mutual authentication in step S220 by the decryption unit of the encryption / decryption module._tempDecrypt using. The control unit of the encryption processing unit 73 is an encryption unit of the encryption / decryption module, and the storage key K supplied from the storage module of the encryption processing unit 73._save2 using content key K_coRe-encrypt.
[0301]
In step S232, the encryption processing unit 73 of the stationary device 52 performs the storage key K_saveContent key K encrypted in 2_coThe license agreement information received in step S230 is transmitted to the external memory control unit of the cryptographic processing unit 73 and stored in the external memory 79. The process in which the external memory control unit writes data to the external memory has been described with reference to FIG.
[0302]
Thus, the home server 51 purchases the content usage right, the billing information is stored on the home server 51 side, and the usage right is handed over to the stationary device 52.
[0303]
FIG. 75 is a flowchart showing processing for the home server 51 to purchase a content usage right that has already been purchased by changing it to another usage form. Since steps S240 to S245 in FIG. 75 are the same as the processing described in FIG. 67, description thereof is omitted. In step S246, the cryptographic processing unit 65 of the home server 51 causes the external memory control unit 97 of the cryptographic processing unit 65 to read the usage permission condition information of the content whose usage right is to be changed. The reading of data from the external memory 67 has been described with reference to FIG. If the use permission condition information can be normally read in step S246, the process proceeds to step S247.
[0304]
In step S247, the host controller 62 of the home server 51 uses the display means 64 to display content information whose usage rights can be changed (for example, usage modes and prices whose usage rights can be changed). A usage right content update condition is selected using the means 63. A signal input from the input means 63 is transmitted to the host controller 62 of the home server 51, and the host controller 62 generates a use right content change command based on the signal, and the use right content change command is encrypted by the home server 51. Input to the processing unit 65. The encryption processing unit 65 that has received this generates billing information and new use permission condition information from the handling policy received in step S243, the price information received in step S245, and the use permission condition information read in step S247.
[0305]
Since step S248 is the same as step S171 in FIG. 67, detailed description thereof is omitted. In step S249, the control unit 91 of the cryptographic processing unit 65 outputs the use permission condition information generated in step S247 to the external memory control unit 97 of the cryptographic processing unit 65. The external memory control unit 97 overwrites and updates the received use permission condition information in the external memory 67. The method of rewriting (updating) the external memory control unit 97 to the external memory 67 has been described with reference to FIG.
[0306]
In step S246, when the use permission condition information corresponding to the content ID added to the right content change command is not found in the external memory 67, or the storage block of the external memory storing the use permission condition information is altered. Is found (already described with reference to FIG. 68), the process proceeds to step S251 to perform predetermined error processing.
[0307]
In this way, the home server 51 can purchase a new right using the already purchased right (described in the license right condition information), the handling policy and the price information, and change the contents of the use right. it can.
[0308]
76 and 77 show specific examples of the rule portion of the handling policy and price information. In FIG. 76, the handling policy includes a rule number assigned as a reference number for each usage right, a usage right content number indicating the content of the usage right, its parameters, a minimum selling price, and a profit rate of the content provider. For example, five rules are described. In Rule 1, since the right item is the usage right content number 1, it can be seen from FIG. 44 that the right is a right of reproduction and no time / number limit. It can also be seen that there is no particular description in the parameter item. The minimum selling price is ¥ 350, and the share of the content provider 2 is 30% of the price. In Rule 2, since the right item is the usage right content number 2, it can be seen from FIG. 44 that the right is a right for reproduction, with time restriction, and without time restriction. Further, it can be seen from the parameter item that the usable period is one hour. The minimum selling price is ¥ 100, and the share of the content provider 2 is 30% of the price. In Rule 3, since the right item is the usage right content number 6, it can be seen from FIG. 44 that the right is a copy right (no copy control signal), no time limit, and a number limit. Further, it can be seen from the parameter item that the number of times of use is one. The minimum selling price is ¥ 30, and the share of the content provider 2 is 30% of the price.
[0309]
In Rule 4, since the right item is the usage right content number 13, it can be seen from FIG. 44 that the right is a usage content change. It can be seen from the parameter items that the changeable rule number is # 2 (reproduction right, time limit is, no number limit) to # 1 (reproduction right, time / number limit is not). The minimum selling price is ¥ 200, and the share of the content provider 2 is 20% of the price. The reason why the minimum selling price is presented lower than that of Rule 1 is that it is assumed that the purchased right is traded and repurchased, and the share of Content Provider 2 is presented lower than that of Rule 1. Is to increase the share of the electronic distribution service center 1 that performs the actual work (because the content provider 2 has no work when changing the right contents).
[0310]
In rule 5, since the right item is the usage right content number 14, it can be seen from FIG. 44 that the right is redistribution. The redistributable condition is that a device having rule number # 1 (reproduction right, no time / number limit) purchases and redistributes rule number # 1 (reproduction right, no time / number limit). It can be seen from the parameter item. The minimum selling price is ¥ 250, and the share of the content provider 2 is 20% of the price. The reason why the minimum selling price is presented lower than that of rule 1 is that devices that have already been purchased are considered to be repurchased for the same content, and the share of content provider 2 is presented lower than that of rule 1. This is to increase the share of the electronic distribution service center 1 that performs the actual work (because the content provider 2 has no work at the time of redistribution).
[0311]
In FIG. 77, price information is composed of rule numbers, parameters, and price information assigned as reference numbers for each usage right. For example, five rules are described in this price information. The rule 1 is price information for the rule # 1 of the handling policy, and indicates that when the usage right content number # 1 is purchased, the price is ¥ 500 and the share of the service provider 3 is 30%. Therefore, the ¥ 500 paid by the user is ¥ 150 for the content provider 2, ¥ 150 for the service provider 3, and ¥ 200 for the electronic distribution service center 1. Since rules 2 to 5 are the same, details thereof are omitted.
[0312]
In the rules 4 and 5, the service provider 2 shares less than the rule 1 because the user equipment performs the distribution work of the service provider 2, and the electronic distribution service center 1 collects the price. It is because it is going.
[0313]
In this example, the rule numbers are serial numbers from # 1 to # 5, but this is not always necessary. Since the creator sets the usage right content number and parameters for each rule number and arranges the extracted ones, it is not generally a sequential number.
[0314]
FIG. 78 shows a specific example when changing the contents of rights described in FIG. The handling policy consists of a rule number assigned as a reference number for each usage right, a usage right content number indicating the usage right content, its parameters, minimum selling price, and profit rate of the content provider. Price information is organized by usage right. It consists of rule numbers, parameters and price information attached as numbers, and the license agreement information consists of rule numbers assigned as reference numbers for each usage right, usage right content number indicating the usage right content, and its parameters. Yes. The home server 51 has already purchased the reproduction right of rule number # 2 and the right with time restriction, and rule number # 2 is described in the use permission condition information indicating the content of the right, and the available time is The remaining 30 minutes indicate that the purchase for 2 hours has been made so far. Now, if you want to change from time limit to time limit, you can change it from the handling policy rule 3, the price information rule 3 and the license condition information at ¥ 200 without playback right, time / number of times limit, It can be seen that the condition information changes without rule number # 1, usage right content number replay right, and time / number of times restrictions (parameters in the case of usage right content number # 1 will be described later. For example, it is cheaper to change the contents of the rights after buying the rights with time restrictions once compared to buying the direct reproduction rights and no time / times restriction. Better to do).
[0315]
FIG. 79 is a flowchart illustrating details of processing in which the home server 51 purchases a content usage right for the stationary device 52 and redistributes the usage right. Since steps S260 to 264 are the same as steps S220 to S225 of FIG. 74, detailed description thereof is omitted. In step S265, the cryptographic processing unit 65 of the home server 51 sends to the external memory control unit 97 of the cryptographic processing unit 65 the use permission condition information and the storage key K corresponding to the content to be redistributed._saveEncrypted content key K_coAre read from the external memory 67. The method of reading the external memory 67 by the external memory control unit 97 has been described with reference to FIG. If the reading is successful, the process proceeds to step S266.
[0316]
In step S266, the host controller 62 of the home server 51 uses the display unit 64 to display information on redistributable content (for example, usage form and price of the redistributable content), and the user inputs the input unit 63. Use to select redistribution conditions. This selection process may be performed in advance when the redistribution process is started. The signal input from the input unit 63 is transmitted to the host controller 62 of the home server 51, and the host controller 62 generates a redistribution command based on the signal, and sends the redistribution command to the encryption processing unit 65 of the home server 51. input. Receiving this, the cryptographic processing unit 65 generates billing information and new use permission condition information from the handling policy and price information received in step S264 and the use permission condition information read in step S265.
[0317]
Since step S267 is the same as step S171 in FIG. 67, detailed description thereof is omitted. In step S268, the control unit 91 of the encryption processing unit 65 stores the storage key K read in step S265._saveEncrypted content key K_coIs stored in the decryption unit 111 of the encryption / decryption module 96 from the storage module 92._saveDecrypt using. The control unit 91 of the encryption processing unit 65 uses the encryption unit 112 of the encryption / decryption module 96 to store the temporary key K shared with the stationary device 52 during the mutual authentication in step S260._tempContent key K using_coRe-encrypt. Finally, the signature generation unit 114 of the encryption / decryption module 96 receives the temporary key K_tempEncrypted content key K_coThen, a signature corresponding to the new use permission condition information generated in step S266 is generated and returned to the control unit 91 of the encryption processing unit 65.
[0318]
Since the processing from step S269 to step S272 is the same as that from step S229 to step S232 in FIG. 74, its details are omitted.
[0319]
In this way, the home server 51 creates new license terms information from the usage rights (license terms information), handling policy, and price information held by itself, and the content key K held by the home server 51._coThe content can be redistributed by transmitting it to the stationary device 52 together with the content.
[0320]
FIG. 80 shows the use permission condition information, content key K for the home server 51 for the stationary device 52._coIs a flowchart illustrating the details of the process of purchasing the content use right by the stationary device 52. In step S280, the cryptographic processing unit 73 of the stationary device 52 determines whether or not the total amount of charging information stored in the storage module of the cryptographic processing unit 73 has reached the upper limit, and has not reached the upper limit. In this case, the process proceeds to step S281 (note that the determination may be made based on the upper limit of the number of charging processes, instead of determining based on the total charge upper limit).
[0321]
In step S <b> 281, the host controller 72 of the stationary device 52 inputs the registration information read from the small capacity storage unit 75 of the stationary device 52 to the encryption processing unit 73 of the stationary device 52. The cryptographic processing unit 73 that has received the registration information verifies the signature of the registration information by a signature verification unit of an encryption / decryption module (not shown), and then the item “purchase processing” for the ID of the stationary device 52 is “purchasable”. If it is “purchasable”, the process proceeds to step S282.
[0322]
Since step S282 is the same as step S220 of FIG. 74, its details are omitted. Since step S283 is the same as step S221 in FIG. 74, details thereof are omitted (the home server 51 determines whether the stationary device 52 is registered, and whether the stationary device 52 is registered with the home server 51). Or not). Since step S284 is similar to step S265 of FIG. 79, its details are omitted. Since step S285 is similar to step S268 of FIG. 79, its details are omitted. In step S286, the control unit 91 of the encryption processing unit 65 performs the temporary key K._tempEncrypted content key K_coThen, a signature is generated using the signature generation unit 114 of the encryption / decryption module 96 for the use permission condition information read out in step S284 and is transmitted to the host controller 62. Temporary key K_tempEncrypted content key K_coThe host controller 62 of the home server 51 that has received the license agreement information and the signatures thereof receives the content key K from the mass storage unit 68._coContent encrypted with, read handling policy and its signature, price information and its signature as necessary, temporary key K_tempEncrypted content key K_co, License agreement information, their signature, content key K_coThe encrypted content, the handling policy, its signature, price information, and its signature are transmitted to the stationary device 52.
[0323]
Since step S287 is the same as step S230 of FIG. 74, its details are omitted. Since step S288 is the same as step S225 of FIG. 74, its details are omitted. In step S289, the host controller 72 of the stationary device 52 uses the display unit 78 to display information on redistributable content (for example, usage form and price of the redistributable content), and the user inputs the input unit 77. Use to select redistribution conditions. This selection process may be performed in advance when the redistribution process is started. The signal input from the input means 77 is transmitted to the host controller 72 of the stationary device 52. The host controller 72 generates a redistribution command based on the signal, and sends the redistribution command to the encryption processing unit 73 of the stationary device 52. input. Receiving this, the cryptographic processing unit 73 generates billing information and new use permission condition information from the handling policy, price information, and use permission condition information received in step S286.
[0324]
In step S290, the cryptographic processing unit 73 of the stationary device 52 stores the billing information generated in step S289 in a storage module of the cryptographic processing unit 73 (not shown). In step S291, the encryption processing unit 73 of the stationary device 52 receives the temporary key K received in step S286._tempEncrypted content key K_coIs the temporary key K shared in step S282 by the decryption unit of the encryption processing unit 73 (not shown)._tempDecrypt using. The encryption processing unit 73 of the stationary device 52 is an encryption unit of the encryption processing unit 73 (not shown), and a storage key K supplied from a storage module of the encryption processing unit 73 (not shown)._save2 using content key K_coIs encrypted.
[0325]
In step S292, the cryptographic processing unit 73 of the stationary device 52 uses the use permission condition information generated in step S289 and the storage key K generated in step S291._saveContent key K encrypted in 2_coIs transmitted to an external memory control unit of the cryptographic processing unit 73 (not shown). License agreement information and storage key K_saveContent key K encrypted in 2_co, The external memory control unit receives the license agreement condition information and the storage key K._saveContent key K encrypted in 2_coIs written in the external memory 79. Since the tampering check at the time of writing has been described with reference to FIG. 69, its details are omitted.
[0326]
As described above, the stationary device 52 uses the usage right (use permission condition information), handling policy, price information, content key K held by the home server 51._coBy receiving the content from the home server 51 and creating new use permission condition information by the stationary device 52, the content can be redistributed.
[0327]
FIG. 81 is a diagram for explaining the management transfer right. The management move is an operation that can transfer the playback right from the device 1 to the device 2. The transfer of the right from the device 1 to the device 2 is the same as the normal transfer, but the device 2 receives the received playback right. This is different from normal movement in that it cannot be re-migrated (as with normal movement, the device 1 after moving the reproduction right cannot re-move the reproduction right). The device 2 that has received the reproduction right by management transfer can return the reproduction right to the device 1, and after the return, the device 1 can transfer the reproduction right again, and the device 2 cannot continue. In order to realize these, the license transfer condition information manages the purchaser of the management transfer right and the holder of the current management transfer right (in this case, the management transfer is performed only when the user has the usage right content number # 1) It is assumed that it can be done, but it can be extended even with usage right content number # 2.)
[0328]
In FIG. 81, the rule 1 of the handling policy has been described with reference to FIG. In Rule 2, since the right item is the usage right content number 16, it can be seen from FIG. 44 that the right is a management transfer right. It can also be seen that there is no particular description in the parameter item. The minimum selling price is ¥ 100, and the share of the content provider 2 is 50% of the price. The reason why the share of the content provider 2 is presented higher than that of the rule 1 is that the service provider 3 does not perform any actual work, so that the share is sent to the content provider 2.
[0329]
In FIG. 81, the rule 1 of price information has been described with reference to FIG. The rule 2 is price information for the rule # 2 of the handling policy, and indicates that when the usage right content number # 16 is purchased, the price is ¥ 100 and the share of the service provider 3 is 0%. Accordingly, the ¥ 100 paid by the user is ¥ 50 for the content provider 2, ¥ 0 for the service provider 3, and ¥ 50 for the electronic distribution service center 1.
[0330]
In FIG. 81, the user first purchases rule number # 1 (reproduction right, no time / number limit). However, at this time, it does not have the management transfer right (state (a) in FIG. 81). Next, the user purchases the management transfer right (since these operations are instantaneous, the user seems to have purchased all at once). The rule number of the license agreement is that the ID of the encryption processing unit indicating the purchaser (hereinafter referred to as the purchaser) is ID1 (for example, the ID of the home server 51), and the ID of the encryption processing unit holding the reproduction right (hereinafter referred to as the holder) ) Becomes ID2 (the state shown in FIG. 81B). When this is managed and moved to the stationary device 52, the rule section of the license condition information held by the home server 51 is changed to ID2 while the purchaser remains ID1. Further, the rule part of the license condition information held by the stationary device 52 that has received the reproduction right by the management move is ID1 for the purchaser and ID2 for the holder, and is combined with the license condition information of the home server 51.
[0331]
FIG. 82 is a flowchart for explaining the details of the management transfer right transfer process. In FIG. 82, step S300 is the same as step S220 of FIG. Further, step S301 is the same as step S221 in FIG. Since step S302 is the same as step S246 in FIG. 75, its details are omitted. In step S303, the cryptographic processing unit 65 of the home server 51 examines the rule part in the read use permission condition information to determine whether the usage right is a reproduction right, no time / number of restrictions, or a management transfer right. . If it is determined that there is a management transfer right, the process proceeds to step S304.
[0332]
In step S <b> 304, the control unit 91 of the encryption processing unit 65 determines whether the purchaser and holder of the management transfer right are both IDs of the home server 51. If it is determined that both the purchaser and holder of the management transfer right have the ID of the home server 51, the process proceeds to step S305. In step S <b> 305, the control unit 91 of the encryption processing unit 65 rewrites the holder of the management transfer right of the use permission condition information with the ID of the stationary device 52. In step S306, the control unit 91 of the cryptographic processing unit 65 outputs the use permission condition information rewritten in step S305 to the external memory control unit 97 of the cryptographic processing unit 65. The external memory control unit 97 of the encryption processing unit 65 that has received the use permission condition information overwrites and saves the use permission condition information in the external memory 67. Since the method for rewriting and storing the data in the external memory 67 has been described with reference to FIG. 70, the details thereof will be omitted. Since steps S307 to S311 are the same as steps S268 to S272 in FIG. 79, the details thereof are omitted.
[0333]
If it is determined in step S303 that the management transfer right is not included in the use permission condition information, or if the purchaser or holder of the management transfer right is not the home server 51 in step S304, the process is interrupted.
[0334]
In this way, the right to reproduce the content can be transferred from the home server 51 to the stationary device 52.
[0335]
FIG. 83 is a flowchart for explaining processing for returning the management movement right from the stationary device 52 that currently holds the management movement right to the home server 51 that is the purchaser of the management movement right. In FIG. 83, step S320 is the same as step S220 in FIG. Since step S321 is the same as step S221 in FIG. 74, the details thereof will be omitted, but it is assumed that both the home server 51 and the stationary device 52 are inspecting whether the other party's ID is registered. If it is determined that it is registered, the process proceeds to step S322. Since step S322 is the same as step S246 in FIG. 75, the details thereof are omitted, but it is assumed that data of the same content ID is read out by both the home server 51 and the stationary device 52. If the data can be read correctly from the external memory, the process proceeds to step S323. Since step S323 is the same as step S303 in FIG. 82, the details thereof are omitted, but it is determined that both the home server 51 and the stationary device 52 have the management transfer right. If it is determined that there is a management transfer right, the process proceeds to step S324.
[0336]
In step S324, the encryption processing unit 65 of the home server 51 determines whether the purchaser of the management transfer right is the ID of the home server 51 and the holder is the ID of the stationary device 52. If it is determined that the purchaser of the management transfer right is the ID of the home server 51 and the holder is the ID of the stationary device 52, the process proceeds to step S325. Similarly, the encryption processing unit 73 of the stationary device 52 determines whether the purchaser of the management transfer right is the ID of the home server 51 and the holder is the ID of the stationary device 52. If it is determined that the purchaser of the management transfer right is the ID of the home server 51 and the holder is the ID of the stationary device 52, the process proceeds to step S325.
[0337]
In step S325, the recording / playback unit 76 of the stationary device 52 deletes the content from the recording medium 80 (however, since encrypted data remains only, it is not necessary to delete it forcibly). In step S326, the encryption processing unit 73 of the stationary device 52 stores the storage key K stored in the external memory 79 in the external memory control unit of the encryption processing unit 73 (not shown)._saveContent key K encrypted in 2_coAnd delete the license agreement information. Since the method for deleting shimmer in the external memory 79 has been described with reference to FIG. 71, the details thereof will be omitted.
[0338]
In step S <b> 327, the control unit 91 of the cryptographic processing unit 65 generates use permission condition information in which the holder of the management transfer right of the use permission condition information is rewritten to the ID of the home server 51. In step S328, the control unit 91 of the cryptographic processing unit 65 outputs the use permission condition information generated in step S327 to the external memory control unit 97 of the cryptographic processing unit 65. The external memory control unit 97 of the encryption processing unit 65 that has received the use permission condition information overwrites and saves the use permission condition information in the external memory 67. Since the method of rewriting and saving in the external memory 67 has been described with reference to FIG. 70, the details thereof are omitted.
[0339]
If the registration information is falsified in the home server 51 or the stationary device 52 in step S321 or the ID of the counterpart device is not registered in step S321, the home server 51 or the stationary device 52 stores the predetermined information in the external memory. If the content key or license agreement condition information for the content is not found or if the memory block including the content key has been altered, the process proceeds to step S329 and error processing is performed.
[0340]
If the home server 51 or the stationary device 52 does not have a management transfer right in the use permission condition information in step S323, the purchaser is the home server 51 and the holder is stationary in the home server 51 or the stationary device 52 in step S324. If it is not the device 52, the process is interrupted.
[0341]
In this way, the right to reproduce the content from the stationary device 52 to the home server 51 can be returned.
[0342]
Content and content key K_coAlthough only one is described, it is assumed that there are a plurality if necessary.
[0343]
In this example, the content provider 2 and the service provider 3 are handled separately, but may be combined into one. Furthermore, the method of the content provider 2 may be diverted to the service provider 3 as it is.
[0344]
(2) Encryption processing using individual keys
The content provider 2 encrypts the content with the content key created by itself as described above with reference to FIG. Further, the content provider 2 receives from the electronic distribution service center 1 an individual key unique to the content provider and an individual key encrypted with the delivery key, and encrypts the content key with the individual key. Thus, the content provider 2 supplies the content encrypted with the content key, the content key encrypted with the individual key, and the individual key encrypted with the delivery key to the user home network 5 via the service provider 3. To do.
[0345]
In the user home network 5, the individual key unique to the content provider is decrypted using the delivery key received from the electronic distribution service center 1. As a result, the user home network 5 can decrypt the content key supplied from the content provider 2 after being encrypted with the individual key unique to the content provider. The user home network 5 that has obtained the content key can decrypt the content using the content key.
[0346]
Here, the individual key is unique to each content server, whereas the delivery key is only one type. Therefore, if the user home network 5 has only one type of delivery key, the individual key from each content provider can be decrypted. Therefore, the user home network 5 does not need to have an individual key unique to each content provider, and the contents of all the content providers can be purchased only by having a delivery key.
[0347]
In addition, each content provider cannot decrypt an individual key (encrypted with a delivery key) unique to another content provider because it does not have a delivery key. This can prevent the content from being stolen between content providers.
[0348]
Here, in order to clarify the configuration of the above embodiment and each means of the invention described in the claims, the corresponding embodiment (however, an example) is shown in parentheses after each means. In addition, the characteristics of the present invention will be described as follows. However, of course, this description does not mean that each means is limited to the description.
[0349]
That is, in the information transmission system of the present invention, the individual key storage memory (for example, the resistance of FIG. 84) possessed by the content supplier or content distributor (for example, the content transmission apparatus 200 of FIG. 84) that transmits information such as content. Tamper memory 201), content key K_coIndividual key K_iMeans for encryption (for example, the data encryption unit 203 in FIG. 84), the content key K_coMeans for generating a handling policy describing usage conditions and the like (for example, the handling policy generation unit 206 in FIG. 84), and means for generating a digital signature for various data (for example, the signature generation unit in FIG. 84) 207), means for verifying signature data generated for various data possessed by the user who purchases the content (for example, the content receiving device 210 in FIG. 84) (for example, the signature verification unit 222 in FIG. 84), and a content key K_co84. The means for comparing the ID indicating the creator of the policy and the ID of the creator of the handling policy (for example, the comparator 226 in FIG. 84) and the means for storing the delivery key (for example, the tamper resistant memory 221 in FIG. 84). ).
[0350]
Further, in the information transmission system of the present invention, the individual key storage memory (for example, the resistance of FIG. Tamper memory 201), memory for storing the key certificate (for example, memory 202 in FIG. 85), content key K_coIndividual key K_iFor verifying signature data generated with respect to various types of data possessed by means for encrypting the data (for example, the data encryption unit 203 in FIG. 85) and the user purchasing the content (for example, the content receiving apparatus 210 in FIG. 85) Means (for example, signature verification unit 222 in FIG. 85) and means (for example, tamper-resistant memory 221 in FIG. 85) for storing the delivery key.
[0351]
(3) Remote playback processing
A remote playback process for receiving a playback command from a device (for example, home server 51) that holds content by a device (for example, stationary device 52) that does not hold the right to play the content and playing the content will be described.
[0352]
FIG. 86 shows a remote reproduction processing procedure. First, after the content ID of the content to be remotely reproduced is input to the host controller 62 by the user's input operation, the home server 51 and the stationary device 52 are mutually authenticated in step S401. To do. The mutual authentication process is the same as the process described with reference to FIG. In step S <b> 402, the host controller 62 of the home server 51 causes the encryption processing unit 65 of the home server 51 to check the registration information read from the mass storage unit 68 of the home server 51. The encryption processing unit 65 that has received the registration information from the host controller 62 is supplied with the signature added to the registration information from the storage module 92 of the encryption processing unit 65 to the signature verification unit 115 of the encryption / decryption module 96. Verification is performed using the public key of the certificate authority 22. After successful verification of the signature, it is determined whether the “registration” item is “registerable”, and if it is determined that “registration is possible”, the process proceeds to step S403. The registration information is also examined on the stationary device 52 side, and it is determined that the home server 51 is “registerable”.
[0353]
In step S403, the host controller 62 generates a playback command including the content ID of the content to be remotely played. In subsequent step S404, the encryption processing unit 65 of the home server 51 sends the external memory control unit 97 of the encryption processing unit 65 to the external memory control unit 97. License agreement information and storage key K corresponding to the content to be played remotely_saveEncrypted content key K_coAre read from the external memory 67. The method of reading data from the external memory 67 by the external memory control unit 97 is as described with reference to FIG. 68, and details thereof are omitted. If the reading is successful, the process proceeds to step S405.
[0354]
In step S405, the decryption unit 111 of the encryption / decryption module 96 reads the content key K read from the external memory 67._coAre stored keys K supplied from the storage module 92._saveDecrypt with. In step S406, the encryption unit 112 of the encryption / decryption module 96 sets the temporary key K_tempContent key K_coIs encrypted, and in step S407, the playback command is sent to the temporary key K._tempEncrypt with
[0355]
In step S408, the home server 51 continues with the content to be remotely reproduced (content key K_coIs encrypted from the large-capacity storage unit 68, and this is stored in the temporary key K in steps S406 and S407 described above._tempThe encrypted content key and the reproduction command are transmitted to the stationary device 52.
[0356]
In step S409, the stationary device 52 uses the content key and reproduction command received from the home server 51 as the temporary key K._tempIn step S410, the encryption processing unit 73 and the decompression unit 74 perform mutual authentication, and the temporary key K_tempShare 2 In step S411, the cryptographic processing unit 73 then shares the temporary key K shared with the decompression unit 74 in step S410 described above._temp2 for content key K_coAnd the playback command is encrypted. In step S412, the encryption processing unit 73 determines that the temporary key K_tempContent key K encrypted in 2_coAnd the reproduction command are transmitted to the decompression unit 74, and the decompression unit 74 transmits the content key K in step S413._coAnd play command temporary key K_temp2 for decryption.
[0357]
In step S414, the decompression unit 74 decrypts the content key K decrypted in the above-described step S413 in accordance with the reproduction command decrypted in the above-described step S413 from the home server 51 in the above-described step S408._coDecrypt with. Then, the decompressing unit 74 decompresses the decrypted content by a predetermined method, for example, a method such as ATRAC in step S415. In step S416, the host controller 72 inserts the data instructed from the encryption processing unit 73 into the content in the form of a digital watermark. Incidentally, the data passed from the encryption processing unit 73 to the decompression unit 74 is the content key K_coIn addition to the playback command, the playback condition (analog output, digital output, output with copy control signal (SCMS)), the device ID that purchased the content usage right, and the like are also included. The data to be inserted is the ID of the device that has purchased this content usage right, that is, the device ID in the use permission condition information. In step S417, the decompression unit 74 plays music through a speaker (not shown).
[0358]
In the above configuration, the home server 51 has content, a playback command for the content, and a content key K._coIs transmitted to the stationary device 52, so that the stationary device 52 that does not hold the right to reproduce the content can reproduce the reproduction command and the content key K._coThe content can be reproduced using. Therefore, according to the above configuration, the content can be played back on a plurality of devices (stationary devices or the like) connected to the device that holds the content (device that has the right to play back the content).
[0359]
(4) Reservation purchase processing
A reservation purchase process of a home server that performs content key conversion in advance before a delivery key expires and makes a content purchase reservation will be described. In step S451 of the reservation purchase processing procedure shown in FIG. 87, the home server 51 performs registration information update determination processing, and proceeds to step S452. The registration information update determination process is as described with reference to FIGS. 61 and 62, and a detailed description thereof is omitted. However, in the reservation purchase process, the determination of the registration information update timing based on the number of purchases and the purchase price described in steps S601 and S602 of FIG. 61 may not be performed.
[0360]
In step S 452, the host controller 62 of the home server 51 inputs the registration information read from the large capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the registration information verifies the signature of the registration information by the signature verification unit 115 of the encryption / decryption module 96, and then the items of “purchase processing” and “registration” for the ID of the home server 51 are “ It is determined whether or not “Purchase is possible” and “Registration is possible”. If “Purchase is possible” and “Registration is possible”, the process proceeds to Step S453. In step S 453, the host controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the public key certificate of the content provider 2 verifies the signature of the public key certificate of the content provider 2 by the signature verification unit 115 of the encryption / decryption module 96, and then the content from the public key certificate. The public key of provider 2 is taken out. As a result of the signature verification, if it is confirmed that no falsification has been made, the upper controller 62 proceeds to step S454.
[0361]
In step S454, the host controller 62 of the home server 51 reads the content key K read from the mass storage unit 68 of the home server 51._coIs input to the encryption processing unit 65 of the home server 51. Content key K_coIs received by the signature verification unit 115 of the encryption / decryption module 96._coIf it is confirmed that the falsification has not been made, the process proceeds to step S455.
[0362]
In step S455, the host controller 62 of the home server 51 reads the individual key K read from the mass storage unit 68 of the home server 51._iIs input to the encryption processing unit 65 of the home server 51. Individual key K_iThe encryption processor 65 receives the individual key K in the signature verification unit 115 of the encryption / decryption module 96._iIf it is confirmed that the falsification has not been made, the process proceeds to step S456.
[0363]
Where individual key K_iEncrypted content key K_coAnd delivery key K_dIndividual key K encrypted with_iWhen one signature is attached to the whole, S454 and S455 can be combined into one, and the signature verification process can be simplified.
[0364]
In step S456, the control unit 91 of the encryption processing unit 65 performs the individual key K input in step S455._iThe delivery key K supplied from the storage module 92 by the decryption unit 111 of the encryption / decryption module 96_dDecrypt using. Next, the control unit 91 of the encryption processing unit 65 determines the content key K input in step S454._coIs decrypted by the decryption unit 111 of the encryption / decryption module 96._iDecrypt using. Finally, the control unit 91 of the encryption processing unit 65 is the encryption key 112 of the encryption / decryption module 96 and the storage key K supplied from the storage module 92._saveContent key K using_coIs encrypted.
[0365]
In step S457, the storage key K_saveEncrypted content key K_coIs stored in the external memory 67 via the external memory control unit 97 of the encryption processing unit 65.
[0366]
If it is determined in step S452 that the home server 51 is a device that cannot be purchased, or if it is determined in step S453 that the signature of the public key certificate of the content provider 2 is incorrect, or if the individual key is determined in step S454. K_iEncrypted content key K_coOr when the delivery key K is determined to be incorrect in step S455._dIndividual key K encrypted with_iWhen the home server 51 determines that the signature is incorrect, the home server 51 proceeds to step S458 and performs error processing.
[0367]
As described above, the home server 51 uses the content key K_coIndividual key K_iAfter decrypting with the content key K_coSave key K_saveThe data is re-encrypted and stored in the external memory 67. Since the reservation purchase process does not actually purchase the content, among the purchase processes described above with reference to FIG. 67, the process for the billing information in the registration information update determination process in step S161, the purchase content corresponding to step S164. Processing, processing for the handling policy corresponding to step S167, processing for service provider public key verification corresponding to step S168, processing for signature verification of price information corresponding to step S169, and processing corresponding to steps S170 to S172 The storage process of the billing information and the license agreement information may not be performed.
[0368]
Incidentally, in the case of the reservation purchase process of FIG. 87, the home server 51 did not create the license agreement condition information, but instead created the license agreement condition information and initialized the usage right content number (ie, the right item). You may make it the state which does not have rights, such as a value (for example, # 0 which does not exist).
[0369]
In this way, in the reservation purchase process, the home server 51 uses the delivery key K_dBefore the expiration date of the content key K_coIs stored in the external memory 67 to save the stored content key K._coFor content encrypted by_dCan be purchased regardless of the deadline.
[0370]
Here, the content key K is stored in the external memory 67 in the home server 51._coThe main purchase processing of the content for which purchase reservation has been made by saving is described. In step S471 of the main purchase processing procedure shown in FIG. 88, the home server 51 performs registration information update determination processing, and proceeds to step S472. Details of the registration information update determination process are omitted as described with reference to FIGS. 61 and 62. However, in this purchase process, the delivery key K described in step S603 of FIG._dIt is not necessary to determine the registration information update timing based on.
[0371]
In step S 472, the host controller 62 of the home server 51 inputs the registration information read from the large capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the registration information verifies the signature of the registration information by the signature verification unit 115 of the encryption / decryption module 96, and then the items of “purchase processing” and “registration” for the ID of the home server 51 are “ It is determined whether the item is “purchasable” and “registration is possible”. If “purchase is possible” and “registration is possible”, the process proceeds to step S473. In step S 473, the host controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the public key certificate of the content provider 2 verifies the signature of the public key certificate of the content provider 2 by the signature verification unit 115 of the encryption / decryption module 96, and then the content from the public key certificate. The public key of provider 2 is taken out. As a result of the signature verification, if it is confirmed that no falsification has been made, the process proceeds to step S474.
[0372]
In step S 474, the host controller 62 of the home server 51 inputs the content read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The encryption processing unit 65 that has received the content verifies the signature of the content by the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the content has not been tampered with, the process proceeds to step S475.
[0373]
In step S475, the host controller 62 of the home server 51 inputs the handling policy read from the large capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the handling policy verifies the signature of the handling policy by the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that no falsification has been made, the process proceeds to step S476. In step S 476, the host controller 62 of the home server 51 inputs the public key certificate of the service provider 3 read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the public key certificate of the service provider 3 verifies the signature of the public key certificate of the service provider 3 by the signature verification unit 115 of the encryption / decryption module 96, and then uses the service from the public key certificate. The public key of provider 3 is taken out. As a result of the signature verification, if it is confirmed that no falsification has been made, the process proceeds to step S477.
[0374]
In step S 477, the host controller 62 of the home server 51 inputs the price information read from the mass storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. The cryptographic processing unit 65 that has received the price information verifies the signature of the price information by the signature verification unit 115 of the encryption / decryption module 96. If it is confirmed that the price information has not been tampered with, the processing proceeds to step S478.
[0375]
In step S478, the host controller 62 of the home server 51 uses the display unit 64 to display information on the content that can be purchased (for example, the usage form and price that can be purchased), and the user purchases using the input unit 63. Select an item. The purchase item selection process may be performed prior to the main purchase process. The signal input from the input means 63 is transmitted to the host controller 62 of the home server 51. The host controller 62 generates a purchase command based on the signal and inputs the purchase command to the encryption processing unit 65 of the home server 51. . Receiving this, the cryptographic processing unit 65 generates billing information and use permission condition information from the handling policy input in step S475 and the price information input in step S477. The billing information is as described with reference to FIG. 42, and details thereof are omitted. Further, the use permission condition information is as described with reference to FIG. 41, and details thereof are omitted.
[0376]
In step S479, the control unit 91 of the encryption processing unit 65 stores the billing information generated in step S478 in the storage module 92. In step S480, the control unit 91 of the encryption processing unit 65 transmits the use permission condition information generated in step S478 to the external memory control unit 97 of the encryption processing unit 65. The external memory control unit 97 that has received the use permission condition information performs a tampering check of the external memory 67 and then writes the use permission condition information to the external memory 67. The tampering check at the time of writing is the same as described above with reference to FIG. 69, and detailed description thereof is omitted (in the case where unlicensed use permission condition information has already been written, the rewriting process described with reference to FIG. 70 is performed). Renew and update the license agreement information).
[0377]
Incidentally, if it is determined in step S472 that the home server 51 is a device that cannot be purchased or is not registered, or if it is determined in step S473 that the signature of the public key certificate of the content provider 2 is not correct, Alternatively, in step S474, the content key K_coIf it is determined that the signature of the encrypted content is incorrect, or if it is determined that the handling policy signature is incorrect in step S475, or if the signature of the public key certificate of the service provider 3 is correct in step S476. If it is determined that the price information signature is not correct in step S477, the home server 51 proceeds to step S481 and performs error processing.
[0378]
As described above, the home server 51 stores the billing information for the content selected for purchase by the user in the storage module 92 and stores the use permission condition information in the external memory 67, thereby ending the actual content purchase processing. . In the main purchase process, the content key K already performed in the reservation purchase process described above with reference to FIG._coSignature verification (step S454) and individual key K_iSignature verification (step S455) and content key K_coIs not performed (step S456).
[0379]
In the above configuration, the home server 51 has the delivery key K_dContent key K through the reservation purchase process_coIs stored in the external memory 67 so that the content key K_coDelivery key K required for decrypting_dEven if is updated, the content key K_coIs already stored in the external memory 67, the delivery key K_dThe content can be purchased even if the expiration date of.
[0380]
(5) Proxy purchase processing
The proxy purchase processing for transferring contents between devices having different registration information (Registration List), that is, devices having different groups will be described. In this proxy purchase process, for example, when the content is exchanged between the home server 51 and a mobile device that is an ungrouped device with respect to the home server 51, the home server 51 is charged, and the ungrouped device Each case where charging is performed will be described. In this case, the stationary device 52 described above with reference to FIG. 15 will be described as an out-group device.
[0381]
FIG. 89 shows a processing procedure when the home server 51 delivers contents to an ungrouped device and the home server 51 performs a charging process. In step S501, the home server 51 and the ungrouped device perform mutual authentication. The mutual authentication process is the same as the process described with reference to FIG. In step S502, the home server 51 and the non-group device exchange registration information with each other, and in the subsequent step S503, each other's registration information is checked.
[0382]
That is, the home server 51 causes the encryption processing unit 65 to check the registration information received from the non-group device. The encryption processing unit 65 that has received the registration information from the non-group device supplies the signature added to the registration information to the signature verification unit 115 of the encryption / decryption module 96 from the storage module 92 of the encryption processing unit 65. Verify with the public key. After successfully verifying the signature, the control unit 91 of the cryptographic processing unit 65 registers the ID of the non-group device in the registration information, and the items “Purchase processing” and “Registration” are “Purchasable” and “Registerable”. It is determined whether or not. Similarly, an out-of-group device that has received the registration information of the home server 51 also registers the ID of the home server 51 in the registration information of the home server 51, and whether or not the “registration” item is “registrable”. Determine whether. When it is confirmed that the other device is registered, the home server 51 proceeds to step S504.
[0383]
Steps S504 to S510 are the same as steps S161 to S171 in FIG.
[0384]
In step S511, the control unit 91 of the encryption processing unit 65 determines the delivery key K input in step S508._dIndividual key K encrypted with_iThe delivery key K supplied from the storage module 92 by the decryption unit 111 of the encryption / decryption module 96_dDecrypt using. Next, the control unit 91 of the cryptographic processing unit 65 determines the individual key K input in step S508._iEncrypted content key K_coIs decrypted by the decryption unit 111 of the encryption / decryption module 96._iDecrypt using. Then, the control unit 91 of the encryption processing unit 65 uses the encryption unit 112 of the encryption / decryption module 96 to store the temporary key K shared with the device outside the group at the time of mutual authentication in step S501._tempContent key K using_coRe-encrypt. In step S512, the control unit 91 of the cryptographic processing unit 65 determines that the temporary key K_tempEncrypted content key K_coThen, a signature is generated using the signature generation unit 114 of the encryption / decryption module 96 for the use permission condition information generated in step S509 and transmitted to the upper controller 62. Temporary key K_tempEncrypted content key K_coThe host controller 62 of the home server 51 that has received the license agreement information and the signatures thereof receives the content key K from the mass storage unit 68._coRead the content encrypted with the temporary key K_tempEncrypted content key K_co, License agreement information, their signature and content key K_coSend the encrypted content to the device outside the group.
[0385]
In step S513, the temporary key K_tempEncrypted content key K_co, License agreement information, their signature and content key K_coThe device outside the group that has received the content encrypted with the content key K_coThe content encrypted in step S3 is output to the recording / playback unit 76 of the device outside the group. Content key K_coThe recording / playback unit 76 of the device outside the group that has received the content encrypted by the content key K_coThe content encrypted in the above is stored in the recording medium 80.
[0386]
In step S514, the cryptographic processing unit 73 of the non-group device verifies the signature received from the home server in step S512 described above, and uses the temporary key K._tempEncrypted content key K_coIs the temporary key K shared with the home server 51 during the mutual authentication in step S501 by the decryption unit of the encryption / decryption module._tempDecrypt using. The control unit of the encryption processing unit 73 is an encryption unit of the encryption / decryption module, and the storage key K supplied from the storage module of the encryption processing unit 73._save2 using content key K_coRe-encrypt.
[0387]
In step S515, the encryption processing unit 73 of the non-group device performs the storage key K_saveContent key K encrypted in 2_coThe license agreement information received in step S513 is transmitted to the external memory control unit of the cryptographic processing unit 73 and stored in the external memory 79. The process in which the external memory control unit writes data to the external memory has been described with reference to FIG.
[0388]
In this way, the home server 51 purchases the content usage right, the billing information is stored on the home server 51 side, and the usage right is handed over to a device outside the group. As a result, the home server 51 pays for the right to use the content delivered to the device outside the group.
[0389]
Next, FIG. 90 shows a processing procedure in the case where the home server 51 delivers the content to the non-group device and the non-group device performs the billing process. In step S551, the non-group device transmits the contents in the encryption processing unit 73 (FIG. 15). In step S552, it is determined whether or not the total amount of the charging information stored in the table has reached the upper limit. If the upper limit has not been reached, the process proceeds to step S552. It may be determined by the upper limit of the number of processing cases).
[0390]
In step S <b> 552, the host controller 72 of the non-group device inputs the registration information read from the external memory 79 to the encryption processing unit 73. The encryption processing unit 73 that has received the registration information verifies the signature of the registration information by the signature verification unit of the encryption / decryption module provided therein, and then performs “purchase processing” for the ID of the device outside the group (stationary device 52). The item “” is “Purchasable”. If it is “Purchasable”, the process proceeds to Step S553.
[0390]
In step S553, the home server 51 and the non-group device perform mutual authentication. The mutual authentication process is the same as the process described with reference to FIG. In step S554, the home server 51 and the non-group device exchange registration information with each other, and in the subsequent step S555, each other's registration information is checked.
[0392]
That is, the home server 51 causes the encryption processing unit 65 to check the registration information received from the non-group device. The encryption processing unit 65 that has received the registration information from the non-group device supplies the signature added to the registration information to the signature verification unit 115 of the encryption / decryption module 96 from the storage module 92 of the encryption processing unit 65. Verify with the public key. After successfully verifying the signature, the control unit 91 of the cryptographic processing unit 65 determines whether or not the ID of the non-group device is registered in the registration information, and the “registration” item is “registerable”. Similarly, an out-of-group device that has received the registration information of the home server 51 also registers the ID of the home server 51 in the registration information of the home server 51, and whether or not the “registration” item is “registrable”. Determine whether. It should be noted that the same processing is also performed for devices outside the group. If it is confirmed that the other device is registered, the home server 51 proceeds to step S556.
[0393]
In step S556, the control unit 91 of the home server 51 reads the already purchased content key from the external memory 67 via the external memory control unit 97, and in the subsequent step S557, the content key K_coSave key K_saveDecrypt with and temporary key K_tempTo re-encrypt and generate their signature.
[0394]
In step S558, the home server 51 stores the storage key K generated in S557._tempThe content key encrypted in step S3 and the content read from the large-capacity storage unit 68, the handling policy, and the price information are transmitted to the device outside the group. In step S559, the non-group device saves the content received from the home server 51 in the recording medium 80.
[0395]
In step S560, after the non-group device (stationary device 52) verifies the signature of the handling policy, price information, etc., in step S561, the host controller 72 of the non-group device uses the display means 78 to purchase the contents that can be purchased. Information (for example, a usage form or a price that can be purchased) is displayed, and the user selects a purchase item using the input means 77. The purchase item selection process may be performed prior to the proxy purchase process. The signal input from the input unit 77 is transmitted to the host controller 72, and the host controller 72 generates a purchase command based on the signal and inputs the purchase command to the encryption processing unit 73. Receiving this, the cryptographic processing unit 73 generates charging information and use permission condition information from the handling policy and price information input in step S560. The accounting information has been described with reference to FIG. Since the use permission condition information has been described with reference to FIG. 41, the details thereof are omitted.
[0396]
In step S562, the cryptographic processing unit 73 stores the billing information generated in step S561 in the storage module in the cryptographic processing unit 73. In step S563, the encryption processing unit 73 verifies the signature of the content key encrypted in step S557 and uses the temporary key K._tempDecrypted with the storage key K_save2 for re-encryption. In step S564, the storage key K_saveContent key K encrypted in 2_coIs stored in the external memory 79 from the cryptographic processing unit 73.
[0397]
In this way, the home server 51 delivers the purchased content usage right to the non-group device, and the non-group device stores the billing information, so that the non-group device delivers the content usage right delivered from the non-group home server 51. Will pay for that.
[0398]
In the above configuration, as described above with respect to step S502 and step S554 described above, devices that have different registration information (Registration List) can be registered by exchanging registration information with each other. After confirmation, the content of one device can be delivered to the other device. Therefore, according to the above configuration, content can be exchanged between devices in different groups.
[0399]
  In the above-described embodiment, the signature of the content is verified at the time of the purchase process, but it may be omitted because the process takes time. In addition, describe the necessity of verification in the handling policy or price information and follow it.TsuMay work.
[0400]
(6) Configuration of recording / reproducing apparatus
In the electronic music distribution system 10, a recording / reproducing apparatus 140 shown in FIG. 91 is provided as a device in the user home network 5. The recording / reproducing apparatus 140 is detachably provided with an electronic distribution dedicated recording medium 141 that is a data storage apparatus.
[0401]
The recording / reproducing apparatus 140 can record the content electronically distributed from the service provider 3 via the network 4 on the electronic distribution dedicated recording medium 141 and reproduce the content from the electronic distribution dedicated recording medium 141.
[0402]
Actually, the recording / reproducing apparatus 140 includes a communication unit 150 that is a receiving unit, a host controller 151 that is a recording / reproducing control unit, an encryption processing unit 152, a decompression unit 153 that is a content decrypting unit, an input unit 154, a display unit 155, and a large unit. A capacity storage unit 156 is configured. The communication unit 150 communicates with the electronic distribution service center 1 and communicates with the service provider 3 via the network 4.
[0403]
The host controller 151 controls the recording / playback apparatus 140 and the electronic distribution dedicated recording medium 141 based on the operation command input via the input unit 154 during the purchase process, thereby allowing the content provider secure received by the communication unit 150 The container and the service provider secure container are temporarily held in the mass storage unit 156.
[0404]
Then, the host controller 151 causes the electronic distribution dedicated recording medium 141 to execute a purchase process, thereby causing the corresponding content key K from the large-capacity storage unit 156._coEncrypted content, individual key K_iContent key K encrypted with_coAnd delivery key K_dIndividual key K encrypted with_iAnd the delivery key K is stored in the electronic distribution dedicated recording medium 141._dIndividual key K encrypted with_iKey K read from the storage module 201 of the encryption processing unit 191_dDecrypted with the individual key K_iContent key K encrypted with_coDecrypted individual key K_iContent key K obtained by decrypting with_coStored key K read from storage module 201 of cryptographic processor 191_saveThe content key K that has been encrypted and read_coEncrypted with ID and storage key K_saveContent key K encrypted with_coIs recorded on the electronic distribution dedicated recording medium 141.
[0405]
Further, the host controller 151 controls the recording / reproducing apparatus 140 and the electronic distribution dedicated recording medium 141 based on the operation command input via the input unit 154 during the reproduction process, thereby the electronic distribution dedicated recording medium 141. To the temporary key K (shared between the cryptographic processing unit 152 and the cryptographic processing unit 191 by mutual authentication)._temp1Content key K encrypted with_coAnd the temporary key K (shared between the encryption processing unit 152 and the decompression unit 153 by mutual authentication)_temp2Content key K encrypted with_co, The content key K_coThe content encrypted in step 153 is supplied to the decompression unit 153 and the content key K_coContent encrypted with the content key K_coDecrypt using.
[0406]
Incidentally, the input unit 154 and the display unit 155 have the same functions as the input unit 63 and the display unit 64 of the home server 51, respectively, and thus description thereof is omitted.
[0407]
The encryption processing unit 152 includes a control unit 160, a storage module 161, a registration information inspection module 162, a purchase processing module 163, a mutual authentication module 164, and an encryption / decryption module 165. Incidentally, the cryptographic processing unit 152 is configured by a single-chip cryptographic processing dedicated IC like the cryptographic processing unit 65 of the home server 51, and has a characteristic (tamper resistance) that makes it difficult to read data illegally from the outside.
[0408]
In the encryption processing unit 152, the control unit 160, the storage module 161, the registration information inspection module 162, the purchase processing module 163, and the encryption / decryption module 165 are the control unit 91, storage module 92, registration information inspection of the home server 51. Since the module 93, the purchase processing module 94, and the encryption / decryption module 96 have the same functions, descriptions thereof are omitted.
[0409]
Also, the mutual authentication module 164 performs mutual authentication with the decompression unit 153 and the electronic distribution dedicated recording medium 141, and a temporary key shared with the decompression unit 153 and the electronic distribution dedicated recording medium 141 as necessary. K_temp(Session key) is generated.
[0410]
The encryption / decryption module 165 includes a decryption unit 170, an encryption unit 171, a random number generation unit 172, a signature generation unit 173, and a signature verification unit 174. Decryption unit 170, encryption unit 171, random number generation unit 172, signature generation unit 173, and signature verification unit 174 are decryption unit 111, encryption unit 112, random number generation unit 113, and signature generation unit of home server 51, respectively. 114 and the signature verification unit 115, the description thereof is omitted.
[0411]
The decompression unit 153 includes a mutual authentication module 180, a key decryption module 181, a decryption module 182, a decompression module 183, a digital watermark addition module 184, and a storage module 185. The mutual authentication module 180, the key decryption module 181, the decryption module 182, the decompression module 183, the digital watermark addition module 184, and the storage module 185 are the mutual authentication module 101, the key decryption module 102, and the decryption module 185 of the home server 51, respectively. Since it has the same functions as the module 103, the decompression module 104, the digital watermark addition module 105, and the storage module 106, description thereof is omitted.
[0412]
Further, the electronic distribution dedicated recording medium 141 executes purchase processing to create billing information, and holds the created billing information. The communication unit 190, which is a communication unit, a content key encryption unit, and a content It comprises an encryption processing unit 191 that is a key decryption unit, an external memory control unit 192 that is a recording / playback unit, and an external memory 193 that is a recording medium.
[0413]
The communication unit 190 transmits and receives data to and from the host controller 151 of the recording / reproducing device 140. The cryptographic processing unit 191 has a circuit configuration similar to that of the cryptographic processing unit 65 of the home server 51 and has a characteristic (tamper resistance) that makes it difficult to read data illegally from the outside. The encryption processing unit 191 includes a control unit 200, a storage module 201 serving as a storage key holding unit, a registration information inspection module 202, a purchase processing module 203, a mutual authentication module 204, and an encryption / decryption module 205.
[0414]
  Control unit 200, storage module 201, registration information inspection module 202,The purchase processing module 203, the mutual authentication module 204, and the encryption / decryption module 205 are the control unit 91, the storage module 92, the registration information inspection module 93, the purchase processing module 94, the mutual authentication module 95, and the encryption of the home server 51, respectively. Since it has the same function as the / decryption module 96, its description is omitted. The encryption / decryption module 205 includes a decryption unit 210, an encryption unit 211, a random number generation unit 212, a signature generation unit 213, and a signature verification unit 214.
[0415]
The external memory control unit 192 reads / writes data from / to the external memory 193 and performs tamper check processing as necessary. As the external memory 193, various recording media such as a writable optical disc, a hard disk, and a semiconductor memory can be applied. Therefore, the external memory control unit 192 needs to have a structure capable of reading data from these recording media. If necessary, a recording medium control unit (not shown) is added for reading and writing. The details of the tampering check process have been described with reference to FIGS. 68 to 71, and a description thereof will be omitted.
[0416]
Here, in the electronic distribution dedicated recording medium 141, the storage module 201 of the encryption processing unit 191 stores the storage key K unique to the electronic distribution dedicated recording medium 141._saveHolding. In the electronic distribution dedicated recording medium 141, the content key K_coWhen the content key K is recorded in the external memory 193_coSave key K_saveAnd the encrypted content key K from the external memory 193_coIs reproduced, the content key K_coSave key K_saveAnd decrypted and transmitted to the recording / reproducing apparatus 140.
[0417]
  ObedienceTsuThus, the content recorded on the recording medium by the conventional recording / reproducing apparatus is the device that recorded the content on the recording medium (that is, the content key K recorded on the recording medium)._coStorage key K unique to the encryption processing unit_saveDevice other than the device (that is, the storage key K in which the content is encrypted)_saveStorage key K different from_saveHowever, if the content recorded on the electronic distribution dedicated recording medium 141 is a device having the same configuration as that of the recording / reproducing device 140 described above, the storage key K is stored._saveCan be played even if it is not held.
[0418]
By the way, in the recording / reproducing apparatus 140, the purchase process is executed on the electronic distribution dedicated recording medium 141, and the content is transferred to the content key K._coTherefore, it is possible to configure without using the encryption processing unit 152 and the expansion unit 153 only for the purpose of recording the content.
[0419]
Further, in the recording / reproducing apparatus 140, the electronic distribution dedicated recording medium 141 is detachably provided, and the content and the content key K can be used by other devices._coSince the content can be reproduced even from the electronic distribution dedicated recording medium 141 on which the information is recorded, the recording / reproducing apparatus 140 is provided with only a reproduction function and is used without being connected to the electronic distribution service center 1 or the network 4. You can also.
[0420]
However, in the user home network 5, the content and content key K are recorded in the recording / reproducing apparatus 140 connected to the network 4 in this way for the electronic distribution dedicated recording medium 141._coIs used for reproducing the content by the recording / reproducing apparatus 140 not connected to the electronic distribution service center 1 or the network 4, the charging information held by the electronic distribution dedicated recording medium 141 is stored in the electronic distribution service center. It is conceivable that it becomes difficult to collect the product at 1.
[0421]
For this reason, in the electronic distribution dedicated recording medium 141, the encryption processing unit 191 searches the control unit 200, for example, periodically for charging information in the storage module 201, and the electronic distribution service center 1 does not collect the charging information. If there is, the reproduction restriction is applied to the corresponding content so that, for example, the content can be reproduced only once from the purchase processing until the billing information is collected, and the management of the content is performed. Do not move.
[0422]
As a result, the electronic music distribution system 10 prevents a user who owns the electronic distribution dedicated recording medium 141 from playing content inappropriately. By the way, as the playback restriction due to the non-collection of billing information, for example, the number of times that the content can be played before the billing information is collected from the purchase process is set in advance, and the number of times the content is played is counted from the point of purchase processing However, when it is detected that the billing information has not been collected, it is possible to make the reproduction restriction function effectively. That is, when it is detected that the billing information has not been collected, the number of times the corresponding content has been reproduced at this time point is compared with the preset number of reproduction restrictions, and the number of times the content has already been reproduced is When the set number of playback limits has been reached, this content cannot be played back.
[0423]
Further, as the reproduction restriction, a period (time) may be used. That is, a time during which the content can be reproduced is set in advance, and the content cannot be reproduced when the billing information has not been collected even after the set time has elapsed since the purchase process. Note that in the electronic distribution dedicated recording medium 141, the restriction content of the reproduction restriction is held in the storage module 201 of the encryption processing unit 191 in correspondence with the billing information, or the license agreement condition information is stored in the external memory 193, for example. You may hold | maintain correspondingly. Further, the reproduction restriction (number of times or period) is stored in the handling policy and / or price information, and the electronic distribution dedicated recording medium 141 extracts the reproduction restriction information from the handling policy and / or price information at the time of purchase processing, It is also possible to create license agreement information including this, and hold the created license agreement information in the external memory 193.
[0424]
Here, the purchase process executed in the recording / reproducing apparatus 140 will be described with reference to the flowchart shown in FIG. In step S <b> 700, the host controller 151 in the recording / reproducing apparatus 140 temporarily stores the content provider secure container and the service provider secure container distributed from the service provider 3 via the network 4 in the mass storage unit 156. The delivery key K stored in the storage module 201 in the encryption processing unit 191 via the control unit 200 of the encryption processing unit 191 in the delivery-only recording medium 141_dDetermine the expiration date (version) of the delivery key K_dIf is valid, the process proceeds to step S701.
[0425]
In step S <b> 701, the host controller 151 determines the total amount of charging information stored in the storage module 201 in the encryption processing unit 191 via the control unit 200 of the encryption processing unit 191 in the electronic delivery dedicated recording medium 141. It is determined whether or not a preset upper limit has been reached, and if the total amount of charging has not reached the upper limit, the process proceeds to step S702. Incidentally, in this step S701, instead of determining whether or not the total amount of charges has reached the upper limit, for example, it is determined whether or not there is an empty storage area for the charge information in the storage module 201, and the storage area If there is a vacancy, the process may proceed to step S702. In step 701, it may be determined whether the number of charging information stored in the storage module 210 (that is, the number of purchases) has reached a preset (upper limit) number.
[0426]
In step S702, the host controller 151 reads the public key certificate of the content provider 2 included in the content provider secure container in the large-capacity storage unit 156, and records the read public key certificate of the content provider 2 dedicated to electronic distribution. The data is transmitted to the encryption processing unit 191 in the medium 141. As a result, in the encryption processing unit 191 in the electronic delivery dedicated recording medium 141, the control unit 200 verifies the signature of the public key certificate of the content provider 2 in the signature verification unit 214 in the encryption / decryption module 205, As a result of the verification of the signature, if it is confirmed that the public key certificate has not been tampered with, the public key of the content provider 2 included in the public key certificate is extracted, and the process proceeds to step S703.
[0427]
In step S703, the upper controller 151 reads the key data of the content included in the secure container of the content provider in the large capacity storage unit 156, and sends the read key data to the encryption processing unit 191 in the electronic delivery dedicated recording medium 141. Send. As a result, in the encryption processing unit 191 in the electronic distribution dedicated recording medium 141, the control unit 200 verifies the signature of the key data in the signature verification unit 214 in the encryption / decryption module 205, and the result of the verification of this signature If it is confirmed that the key data has not been tampered with, the process proceeds to step S704.
[0428]
In step S704, the host controller 151 reads the content handling policy contained in the secure container of the content provider in the mass storage unit 156 and sends the read handling policy to the encryption processing unit 191 in the electronic delivery dedicated recording medium 141. Send. As a result, in the encryption processing unit 191 in the electronic delivery dedicated recording medium 141, the control unit 200 verifies the signature of the handling policy in the signature verification unit 214 in the encryption / decryption module 205, and the verification result of this signature If it is confirmed that the handling policy has not been tampered with, the process proceeds to step S705.
[0429]
In step S705, the host controller 151 reads the public key certificate of the service provider 3 included in the secure container of the service provider in the large-capacity storage unit 156, and the read public key certificate of the service provider 3 is dedicated to electronic distribution. The data is sent to the encryption processing unit 191 in the recording medium 141. As a result, in the encryption processing unit 191 in the electronic distribution dedicated recording medium 141, the control unit 200 verifies the signature of the public key certificate of the service provider 3 in the signature verification unit 214 in the encryption / decryption module 205, As a result of the signature verification, if it is confirmed that the key data has not been tampered with, the process proceeds to step S706.
[0430]
  In step S706, the host controller 151 reads the price information of the content included in the secure container of the service provider in the large-capacity storage unit 156, and sends the read price information to the encryption processing unit 191 in the electronic delivery dedicated recording medium 141. Send. As a result, in the encryption processing unit 191 in the electronic delivery dedicated recording medium 141, the control unit 200 verifies the signature of the price information in the signature verification unit 214 in the encryption / decryption module 205, and the result of the verification of this signature ,Price informationIf it is confirmed that no falsification has been made, the process proceeds to step S707.
[0431]
In step S707, the host controller 151 displays information on the contents that can be purchased on the display unit 155. When the user selects and specifies the desired content via the input unit 154, the host controller 151 generates a purchase command for the selected and specified content. Then, the data is transmitted to the encryption processing unit 191 in the electronic distribution dedicated recording medium 141. As a result, the control unit 200 of the encryption processing unit 191 uses the purchase processing module 203 to determine the accounting information based on the handling policy (the handling policy verified in step S704) and the price information (the price information verified in step S706). And use permission condition information is generated, and it progresses to Step S708. Incidentally, the user may select and specify the desired content via the input means 154 prior to the purchase process.
[0432]
In step S708, the control unit 200 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141 stores the billing information (billing information generated in step S707) in the storage module 201, and in the subsequent step S709, the license condition information (Use permission condition information generated in step S707) is sent to the external memory 193 via the external memory control unit 192, and thus the use permission condition information is written in the external memory 193. Further, the use permission condition information may be written in the falsification preventing area (similar to the external memory in FIG. 16) in the same manner as the data writing described above with reference to FIG. Incidentally, the use permission condition information may be stored in the storage module 201 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141.
[0433]
In step S710, the control unit 200 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141 uses the decryption unit 210 of the encryption / decryption module 205 to generate key data (key data verified in step S703 described above). Encrypted individual key K included_i, Delivery key K_d(Delivery key K confirmed to be valid in step S700 described above_d).
[0434]
Next, the control unit 200 uses the decryption unit 210 to encrypt the encrypted content key K included in the key data._coIs the individual key K that was previously decrypted_iDecrypt using. Subsequently, the control unit 200 uses the decrypted content key K_coAnd a storage key K stored in the storage module 201_saveTo the encryption unit 211, and in the encryption unit 211, the storage key K_saveContent key K using_coIs encrypted.
[0435]
  In step S711, a recording medium dedicated to electronic distribution141Control unit of encryption processing unit 191200In step S710, the storage key K_saveContent key K encrypted with_coIs transmitted to the external memory 193 via the external memory control unit 192, and thus the content key K encrypted in the external memory 193 is transmitted._coIs saved, and the process proceeds to step S712. In addition, storage key K_saveContent key K encrypted with_coMay be written to the falsification preventing area (similar to the external memory of FIG. 16) in the same manner as the data writing described above with reference to FIG. Incidentally, stored key K_saveContent key K encrypted with_coMay be stored in the storage module 201 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141.
[0436]
In step S712, the host controller 151 in the recording / playback apparatus 140 reads the encrypted content included in the content provider secure container in the large-capacity storage unit 156, and the read encrypted content is dedicated to electronic distribution. The encrypted content is sent to the recording medium 141, and thus the encrypted content is stored in the external memory 193 in the electronic distribution dedicated recording medium 141.
[0437]
Incidentally, in this step S712, the host controller 151 may store the encrypted content, the handling policy verified in the corresponding step S704, and the price information verified in the step S706 in the external memory 193. good. In addition, the encrypted content (or content and handling policy and price information) is not stored in the external memory 193 in step S712, but is stored in the external memory 193 in a step prior to the step S712. You may do it.
[0438]
In the purchase process, in step S700, the delivery key K_dIn step S701, if the total amount of billing information has reached the upper limit, if it is determined in step S702 that the public key certificate of the content provider 2 is incorrect, in step S703 If it is determined that the signature of the key data is not correct, if it is determined in step S704 that the signature of the handling policy is incorrect, if it is determined in step S705 that the public key certificate of the service provider 3 is incorrect, step If it is determined in S706 that the price information signature is not correct, the process proceeds to step S713 to execute error processing. Incidentally, in this purchase process, the case where the signature of the content is not verified is shown. However, prior to saving the content in the external memory 193, the signature of the content may be verified in any step.
[0439]
Incidentally, when data is transmitted / received between the recording / reproducing apparatus 140 and the electronic distribution dedicated recording medium 141, a signature is added to the data on the transmitting side and the signature is verified on the receiving side as necessary. .
[0440]
As described above, the recording / reproducing apparatus 140 executes the purchase process in the electronic distribution dedicated recording medium 141, and thus stores the content key K in the external memory 193 of the electronic distribution dedicated recording medium 141._coAnd the storage key K unique to the encryption processing unit 191 of the electronic distribution dedicated recording medium 141_saveEncrypted content key K_coIs recorded in the external memory 193 in the electronic distribution dedicated recording medium 141.
[0441]
Further, the reproduction processing executed in the recording / reproducing apparatus 140 will be described with reference to the flowchart shown in FIG. In step S720, the host controller 151 in the recording / reproducing apparatus 140 sends the ID of the content instructed to be reproduced through the input unit 154 by the user to the encryption processing unit 191 in the electronic delivery dedicated recording medium 141.
[0442]
In step S721, the control unit 200 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141 sends the content ID given from the higher-level controller 151 to the external memory control unit 192, thereby causing the external memory control unit 192 to operate. The encrypted content key K corresponding to the ID from the external memory 193_coAnd the license agreement information are read, and the read encrypted content key K_coIs sent to the decryption unit 210 of the encryption / decryption module 205, and the use permission condition information is sent to the control unit 200. The external memory control unit 192 uses the content key K encrypted from the external memory 193._coFurther, when reading the use permission condition information, the tampering check may be performed in the same manner as the data reading described above with reference to FIG. Incidentally, in the electronic distribution dedicated recording medium 141, the encrypted content key K_coAlternatively, the use permission condition information may be held in the storage module 201 of the encryption processing unit 191 and read from the storage module 201.
[0443]
In addition, in step S722, the control unit 200 of the encryption processing unit 191 searches for charging information in the storage module 201 based on the content ID, and in the subsequent step S723, the content ID is stored in the storage module 201. If the charging information corresponding to the ID is already collected in the electronic distribution service center 1 and does not exist in the storage module 201, the process proceeds to step S724.
[0444]
In step S724, the control unit 200 of the encryption processing unit 191 updates the use permission condition information as necessary. That is, when the usage right content included in the use permission condition information is, for example, a right-of-use right, the control unit 200 indicates that the number of reproductions indicated by the right-of-use right is subtracted. Then, the updated use permission condition information is stored in the external memory 193 via the external memory control unit 192. At this time, the external memory control unit 192 may perform a falsification check similarly to the data rewriting described above with reference to FIG. Incidentally, the use permission condition information may be updated and stored in the storage module 201 of the encryption processing unit 191.
[0445]
Next, in step S725, the control unit 200 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141 uses the mutual authentication modules 204 and 164 to mutually authenticate with the encryption processing unit 152 of the recording / playback device 140. And temporary key K_temp1Are shared, and the process proceeds to step S726. Incidentally, since the mutual authentication processing procedure has been described above with reference to FIG. 51, detailed description thereof will be omitted.
[0446]
In step S726, the control unit 200 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141 uses the decryption unit 210 to encrypt the content key K._coStored key K stored in storage module 201_saveDecrypted with the content key K_coIs sent to the encryption unit 211. Next, the control unit 200 causes the encryption unit 211 to share the temporary key K shared with the mutual authentication module 164 in step S625._temp1Content key K using_coIs encrypted, and the process proceeds to step S727.
[0447]
In step S727, the control unit 200 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141 performs the temporary key K._temp1Content key K encrypted with_coIs transmitted to the encryption processing unit 152 of the recording / reproducing apparatus 140.
[0448]
In step S728, the control unit 160 of the encryption processing unit 152 in the recording / reproducing device 140 transmits the encrypted content key K transmitted from the electronic distribution dedicated recording medium 141._coIn the decryption unit 170 of the encryption / decryption module 165, and the encrypted content key K is decrypted in the decryption unit 170._coIn step S625, the temporary key K shared with the mutual authentication module 204_temp1And decrypting the content key K_coIs sent to the encryption unit 171.
[0449]
Next, in step S729, the control unit 160 of the encryption processing unit 152 in the recording / reproducing device 140 performs mutual authentication with the decompression unit 153 using the mutual authentication modules 164 and 180, and the temporary key K_temp2To share. Incidentally, since the mutual authentication processing procedure has been described above with reference to FIG. 51, detailed description thereof will be omitted.
[0450]
Accordingly, the control unit 160 of the encryption processing unit 152 in the recording / reproducing apparatus 140 causes the temporary key K shared with the decompression unit 153 by the encryption unit 171 in step S730._temp2Content key K_coThus, in the subsequent step S731, the encrypted content key K is encrypted._coIs sent to the decompression unit 153.
[0451]
In step S732, the key decryption module 181 of the decompression unit 153 determines that the encrypted content key K given from the encryption processing unit 152 is received._coAnd the encrypted content key K_coIs a temporary key K shared with the cryptographic processing unit 152_temp2And decrypting the content key K_coIs sent to the decryption module 182.
[0452]
In step S733, the decryption module 182 of the decompression unit 153 is given the encrypted content read from the external memory 193 in the electronic distribution dedicated recording medium 141 from the higher-level controller 151 at this time, and is encrypted. Content key K given from the key decryption module 181_coThe decrypted content is sent to the decompression module 183.
[0453]
In step S734, the decompression module 183 of the decompression unit 153 decompresses the content given from the decryption module 182 by a predetermined method such as ATRAC, and sends the decompressed content to the digital watermark adding module 184. In step S735, the digital watermark addition module 184 of the decompression unit 153 instructs the decompressed content given from the decompression module 183 to the encryption processing unit of the electronic distribution dedicated recording medium 141 instructed by the control unit 160 of the encryption processing unit 152. Predetermined data such as ID 191 is inserted in the form of a digital watermark.
[0454]
In step S736, the host controller 151 in the recording / playback device 140 sends the content obtained by the decompression unit 153 to, for example, a speaker (not shown), thereby playing music based on the content via the speaker. Let it sound. Thus, the recording / reproducing apparatus 140 can reproduce the content in this way.
[0455]
Here, in step S723, when the accounting information corresponding to the content ID is stored in the storage module 201, the control unit 200 of the encryption processing unit 191 in the electronic delivery dedicated recording medium 141 proceeds to step S737. Then, referring to the reproduction restriction when the charging information is not collected, it is determined whether or not the content for which the charging information is not collected satisfies the reproducible condition.
[0456]
Then, the control unit 200 of the encryption processing unit 191 does not satisfy the reproducible condition (that is, when the content has already been replayed a predetermined number of times or the reproducible period has passed). In this case), the reproduction process is terminated. On the other hand, if the content satisfies the reproducible condition (that is, if the number of times the content is reproduced is less than the number of times determined by the reproduction restriction), the control unit 200 proceeds to step S724 and uses permission condition information Update as necessary. Incidentally, the playback restriction used when the billing information is not collected may be held in the storage module 200 of the encryption processing unit 191 in the electronic distribution dedicated recording medium 141 or the external memory 193, It may be stored in price information data.
[0457]
Incidentally, the electronic distribution dedicated recording medium 141 may be provided in the home server 51 or the stationary device 52 described above with reference to FIG.
[0458]
As described above, in the recording / reproducing apparatus 140, the content key K is stored from the electronic distribution dedicated recording medium 141._coEncrypted with, and the content key K_coPlay this content key K_coThe content encrypted with the content key K_coHowever, the content can be used according to a preset playback restriction until the billing information is collected, and after the billing information is collected, the usage rights purchased by the purchase process are collected. Make content available according to the content.
[0459]
In the above-described configuration, in the electronic music distribution system 10, the recording / reproducing apparatus 140 in which the electronic distribution dedicated recording medium 141 is detachably provided is provided as a device in the user home network 5, and the content key K is received from the service provider 3._coEncrypted content, individual key K_iContent key K encrypted with_coAnd delivery key K_dIndividual key K encrypted with_i(That is, the content provider secure container and the service provider secure container) are transmitted, the recording / playback apparatus 140 controls the electronic distribution dedicated recording medium 141 to execute the purchase process, and the electronic distribution dedicated recording medium 141 executes the content. Key K_coThe content encrypted with the key is recorded in the external memory 193 and the delivery key K_dIndividual key K encrypted with_iThe delivery key K_dDecrypted with the individual key K_iContent key K encrypted with_coThe individual key K_iDecrypted with this decrypted content key K_coIs a storage key K unique to the electronic distribution dedicated recording medium 141_saveIs encrypted and recorded in the external memory 193. Incidentally, in the recording medium 141 dedicated for electronic distribution, the storage key K_saveAre stored in the storage module 201 of the cryptographic processing unit 191 having tamper resistance in the electronic distribution dedicated recording medium 141.
[0460]
Further, the recording / reproducing apparatus 140 controls the electronic distribution dedicated recording medium 141 during the reproduction process, so that the content key K is stored in the electronic distribution dedicated recording medium 141 from the external memory 193._coEncrypted with ID and storage key K_saveContent key K encrypted with_coAnd store the stored key K_saveContent key K encrypted with_coThe storage key K_saveAnd thus the content key K_coEncrypted content key and decrypted content key K_coTake out. Then, the recording / reproducing apparatus 140 uses the encryption processing unit 152 and the decompressing unit 153 to use the content key K_coThe content encrypted with the content key K_coDecrypt using.
[0461]
Therefore, in the electronic music distribution system 10, the recording / playback device 140 causes the content key K to be stored in the external memory 193 in the electronic distribution dedicated recording medium 141._coEncrypted with, and storage key K_saveContent key K encrypted with_co, But the content key K from the electronic distribution dedicated recording medium 141 is recorded._coEncrypted content key and decrypted content key K_coTherefore, the recording / reproducing apparatus 140 does not need to store a storage key unique to the encryption processing unit 152. For this reason, the electronic music distribution system 10 is different from the recording / reproducing apparatus 140 that records content on the electronic distribution dedicated recording medium 141 as long as it has the encryption processing unit 152 and the expansion unit 153 similar to the recording / reproducing apparatus 140. Even in a device, content can be reproduced and used using the electronic distribution dedicated recording medium 141, and thus the versatility of the electronic distribution dedicated recording medium 141 can be remarkably improved.
[0462]
Also, in the electronic distribution dedicated recording medium 141, it is assumed that the content and content key K are stored from the external memory 193._coContent key K for decrypting content even if_coStorage key K used when encrypting_saveIs stored in the storage module 201 in the cryptographic processing unit 191 having tamper resistance, and the storage key K_saveCan be prevented from being read illegally, and thus the content can be prevented from being used illegally.
[0463]
Further, in the electronic music distribution system 10, since the versatility of the electronic distribution dedicated recording medium 141 is improved, the charging information is collected for the content recorded on the electronic distribution dedicated recording medium 141 until the charging information is collected. By restricting usage (restricting the number or period of reproduction or copying), it is possible to prevent content from being illegally used without collecting the billing information.
[0464]
According to the above configuration, the storage key K unique to the electronic distribution dedicated recording medium 141 is added to the electronic distribution dedicated recording medium 141 detachably provided in the recording / reproducing apparatus 140._saveAnd the recording / reproducing apparatus 140 performs the content key K during the purchase process._coEncrypted content, individual key K_iContent key K encrypted with_coAnd delivery key K_dIndividual key K encrypted with_iIs transmitted to the electronic distribution dedicated recording medium 141 and the content key K is stored in the electronic distribution dedicated recording medium 141._coThe content encrypted by the method is recorded in the external memory 193, and the encrypted individual key Ki is used as the delivery key K._dAfter decrypting with, encrypted content key K_coThis individual key K_iContent key K obtained by decrypting with_coSave key K_saveIs encrypted and recorded in the external memory 193, and the recording / reproducing apparatus 140 receives the content key K from the electronic distribution dedicated recording medium 141 during the reproduction process._coEncrypted content and storage key K_saveContent key K decrypted with_coEven when the electronic distribution dedicated recording medium 141 is inserted into another recording / reproducing apparatus 140 different from the recording / reproducing apparatus 140 used for recording the content, It is possible to realize an electronic music distribution system that can reproduce content from the electronic distribution dedicated recording medium 141 and thus can significantly improve the versatility of the electronic distribution dedicated recording medium 141.
[0465]
Incidentally, in such an electronic music distribution system 10, the distribution key K is stored in the electronic distribution dedicated recording medium 141._dOr the delivery key K_dIs not used even if it is held, and when the content is recorded by the recording / reproducing apparatus 140, the individual key K_iContent key K encrypted with_coThe individual key K_iAfter decrypting with the content key K_coIs a temporary key K that is shared by mutual authentication with the electronic distribution dedicated recording medium 141_tempAnd the temporary key K_tempContent key K encrypted with_coIs the content key K_coBoth of the contents encrypted in the above may be transmitted to the electronic distribution dedicated recording medium 141.
[0466]
In the present invention, the content provider 2 is applied as the information transmission device, but the content provider 2 and the service provider 3 may be applied as the information transmission device.
[0467]
【The invention's effect】
  As described above, according to the present invention, the information is transmitted from the information transmitting device.TakoContent data is recorded by a recording / playback device.For the recording / reproducing deviceDetachableAttached toIn a recording / reproducing system for recording / reproducing data in a data storage device, content data is transmitted to an information transmitting device.TheThe content encryption means for encrypting with the content key and the transmission means for transmitting the content key and the content data encrypted with the content key are provided.A recording / playback side authentication means for mutual authentication with the data storage device and sharing a temporary key with the data storage device;Receiving means for receiving the content key transmitted from the information transmitting device and the content data encrypted with the content key;The recording / playback side key encryption means for encrypting the content key received together with the content data encrypted with the content key by the receiving means with the temporary key shared with the data storage device, and the data storage device during the recording process ,Content data encrypted with content keyAnd the content key encrypted with the temporary key by the recording / playback side key encryption means.Send outThe content key encrypted with the temporary key is decrypted with the temporary key, then encrypted with the storage key unique to the data storage device, and the content key encrypted with the storage key is encrypted with the content key To be written to the recording medium along with the content dataOrDuring playback processing,Data storage deviceIn contrast, it was encrypted with the storage key from the recording medium.Content key and content data encrypted with the content keyThe content key that has been read and encrypted with the storage key is decrypted with the storage key and then encrypted with the temporary key, and the content key encrypted with the temporary key is transferred to the content key Import with content data encrypted with keyRecording / playback control means andA recording / playback side key decryption unit for decrypting the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the recording / playback control unit, with the temporary key shared with the data storage device;In the data storage device,RecordRecording media and, KeepA stored key holding means for holding an existing key;A data storage side authentication means for mutual authentication with the recording / reproducing apparatus and sharing the temporary key with the recording / reproducing apparatus, and a temporary key given together with the content data encrypted by the content key from the recording / reproducing apparatus during the recording process The data storage side key decryption means for decrypting the encrypted content key with the temporary key shared with the recording / playback device, and the data storage side key decryption means decrypted with the temporary key during the recording process.Encrypt the content key with the storage keyData storage sideKey encryption means;During the recording process, the data storage side key encryption meansContent key encrypted with storage keyTheContent data encrypted with the content keyWithOn recording mediawritingOrDuring playback processing,A content key encrypted with a storage key and content data encrypted with the content key from a recording mediumRead / write readmeansAndTo provideThe data storage side key decryption means of the data storage device receives the content key encrypted with the storage key read together with the content data encrypted with the content key from the recording medium by the writing / reading means during the reproduction process. The data storage side key encryption unit of the data storage device decrypts the content key decrypted with the storage key by the data storage side key decryption unit with the temporary key shared with the recording / reproduction device during the reproduction process. Turn intoAs a result, it is not necessary to store the storage key on the recording / reproducing device side, and content data can be reproduced from the data storage device by other recording / reproducing devices other than the recording / reproducing device that recorded the content data in the data storage device. CanSince the content data is transmitted and received together with the content key encrypted with the temporary key after mutual authentication between the recording / reproducing device and the data storage device, the content data is taken together with the content key during the transmission / reception. You can also avoid being used inappropriatelyThus, a recording / reproducing system that can remarkably improve the versatility of the data storage device can be realized.
[0468]
  Also,RecordRemovable data storage device with recording mediaFittedIn the recording / reproducing apparatus,Authentication means for mutual authentication with a data storage device and sharing a temporary key with the data storage device, and a content key for encrypting a content key used for encrypting content data with a temporary key shared with the data storage device For the encryption means and the data storage device during the recording process,Encrypt with content keyWasContent data,Encrypted with temporary key by content key encryption meansContent key andSendbrothAfter decrypting the content key encrypted with the temporary key using the temporary keyData storage device specific storage keysoencryptionLet me, Encrypt with the storage keyLetContent keyTheEncrypt with the content keyWasContent dataWithOn recording mediaControl to write, and during the playback process, to the data storage device,Encrypt with storage key from recording mediumWasEncrypted with the content key and the content keyWasContent dataLet me readEncrypt with stored keyWasSave the content keysoDecryptionControl to encrypt with the temporary key and then encrypt with the temporary keyContent keyTheEncrypt with content keyWasContent dataCapture withRecording / playback control meansAnd content key decryption that decrypts the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the recording / playback control means with the temporary key shared with the data storage device during the playback process Means andThe content data can be reproduced from the data storage device in which the content data is recorded in the other recording / reproducing device, because it is not necessary to hold the storage key.At the same time, since the content data is sent and received together with the content key encrypted with the temporary key after mutual authentication with the data storage device, the content data is taken together with the content key and used illegally. Can also avoidThus, it is possible to realize a recording / reproducing apparatus that can remarkably improve the versatility of the data storage apparatus.
[0469]
  further,RecordRemovable data storage device with recording mediaFittedIn the playback device,Authentication means for mutual authentication with the data storage device and sharing the temporary key with the data storage device, and the data storage device,Content data encrypted with content key and data storage device specificMaintenanceThe content key encrypted with the existing keyThe content key encrypted with the storage key and the content data encrypted with the content key are read from the recording medium on which theThe content key encrypted with the storage keysoDecryptionControl to encrypt with the temporary key and then encrypt with the temporary keyContent keyTheContent data encrypted with content keyCapture withReproduction control meansAnd a content key decrypting unit for decrypting the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the reproduction control unit with the temporary key shared with the data storage device;The content data can be played back from the data storage device in any playback device as long as the storage key is not required.At the same time, since the content data is sent and received together with the content key encrypted with the temporary key after mutual authentication with the data storage device, the content data is taken together with the content key and used illegally. Can also avoidThus, it is possible to realize a playback device that can significantly improve the versatility of the data storage device.
[0470]
  Furthermore, it can be detachably attached to the recording and / or playback device.FittedUnder the control of the recording and / or playback devicecontentIn a data storage device for recording and / or reproducing data,RecordRecording media,Data storage device specificStorage key storage means for storing the storage key ofAuthentication means for mutual authentication with the recording and / or reproducing apparatus and sharing a temporary key with the recording and / or reproducing apparatus;With recording and / or playback devicecommunicationCommunication means toWhen the content data encrypted with the content key transmitted from the recording and playback device and the content key encrypted with the temporary key are received during the recording process, the encrypted data is encrypted with the temporary key received by the communication means. Content key decrypting means for decrypting the recorded content key with a temporary key shared with the recording and / or reproducing device, and decrypting with the temporary key by the content key decrypting means during the recording processA content key encryption means for encrypting the content key with a storage key;During the recording process, the content key encryption meansContent key encrypted with storage keyTheContent data encrypted with the content keyWithOn recording mediawritingOrDuring playback processing,A content key encrypted with a storage key and content data encrypted with the content key from a recording mediumRead / write readmeansAndTo provideThe content key decrypting means decrypts the content key encrypted with the storage key read together with the content data encrypted with the content key from the recording medium by the writing / reading means during the reproduction process, The content key encryption means encrypts the content key decrypted with the storage key by the data storage side key decryption means with the temporary key shared with the recording and reproduction device during the reproduction process, and the communication means performs the reproduction process with The content key encrypted with the temporary key by the content key encryption means is transmitted to the recording and / or reproducing apparatus together with the content data encrypted with the content key.So that the records andOrEven if the playback device does not have a storage key, content data can be recorded and / or played back.At the same time, since the content data is sent and received together with the content key encrypted with the temporary key after mutual authentication with the recording and / or playback device, the content data is taken together with the content key at the time of transmission and reception. You can also avoid being usedThus, it is possible to realize a data storage device that can greatly improve versatility.
[Brief description of the drawings]
FIG. 1 is a block diagram showing the overall configuration of an electronic music distribution system according to the present invention.
FIG. 2 is a block diagram showing a configuration of an electronic distribution service center.
FIG. 3 is a schematic diagram illustrating an example of periodic key update.
FIG. 4 is a schematic diagram illustrating an example of periodic key update.
FIG. 5 is a schematic diagram illustrating an example of periodic key update.
FIG. 6 is a schematic diagram illustrating an example of periodic key update.
FIG. 7 is a schematic diagram showing data contents of a user registration database.
FIG. 8 is a schematic diagram showing registration information for each group.
FIG. 9 is a block diagram illustrating a configuration of a content provider.
FIG. 10 is a flowchart showing a signature generation processing procedure.
FIG. 11 is a flowchart showing a signature verification processing procedure.
FIG. 12 is a flowchart showing an elliptic curve encryption method.
FIG. 13 is a flowchart showing a decryption process of elliptic curve encryption.
FIG. 14 is a block diagram showing a configuration of a service provider.
FIG. 15 is a block diagram showing a configuration of a user home network.
FIG. 16 is a schematic diagram for explaining the operation of the external memory control unit;
FIG. 17 is a block diagram showing a configuration of a recording medium dedicated for electronic distribution.
FIG. 18 is a block diagram showing data contents of each device.
FIG. 19 is a block diagram showing data contents held by a recording medium.
FIG. 20 is a schematic block diagram showing a data flow of the entire system.
FIG. 21 is a schematic block diagram showing a flow of a public key certificate.
FIG. 22 is a schematic diagram illustrating a content provider secure container.
FIG. 23 is a schematic diagram illustrating a content provider secure container.
FIG. 24 is a schematic diagram illustrating a content provider secure container.
FIG. 25 is a schematic diagram illustrating a content provider secure container.
FIG. 26 is a schematic diagram illustrating a public key certificate of a content provider.
FIG. 27 is a schematic diagram illustrating a public key certificate of a content provider.
FIG. 28 is a schematic diagram showing a public key certificate of a content provider.
FIG. 29 is a schematic diagram illustrating a service provider secure container.
FIG. 30 is a schematic diagram illustrating a service provider secure container.
FIG. 31 is a schematic diagram showing a public key certificate of a service provider.
FIG. 32 is a schematic diagram illustrating a public key certificate of a user device.
FIG. 33 is a chart showing a single content handling policy;
FIG. 34 is a chart showing an album content handling policy;
FIG. 35 is a chart showing another example of a single content handling policy.
FIG. 36 is a chart showing another example of the album content handling policy;
FIG. 37 is a chart showing price information of single content.
FIG. 38 is a chart showing price information of album content.
FIG. 39 is a chart showing another example of single content price information.
FIG. 40 is a chart showing another example of album content price information.
FIG. 41 is a chart showing use permission condition information.
FIG. 42 is a chart showing billing information.
FIG. 43 is a chart showing another example of billing information.
FIG. 44 is a chart showing a list of usage right contents;
FIG. 45 is a chart showing usage rights.
FIG. 46 is a chart showing single content.
FIG. 47 is a chart showing album contents.
FIG. 48 is a chart showing key data for single content.
FIG. 49 is a block diagram for explanation of individual key encryption processing;
FIG. 50 is a chart showing key data for album content.
FIG. 51 is a timing chart showing a mutual authentication process using a symmetric key technique.
FIG. 52 is a timing chart showing a mutual authentication process using an asymmetric key encryption technique.
FIG. 53 is a schematic block diagram showing a charging information transmission operation;
FIG. 54 is a schematic block diagram showing profit distribution processing operation;
FIG. 55 is a schematic block diagram showing a content usage record transmission operation;
FIG. 56 is a flowchart showing a content distribution and playback processing procedure;
FIG. 57 is a flowchart showing a transmission processing procedure to a content provider.
FIG. 58 is a flowchart showing a payment information registration processing procedure;
FIG. 59 is a flowchart showing a new device ID registration process procedure;
FIG. 60 is a flowchart showing a device additional registration process procedure;
FIG. 61 is a flowchart showing a determination process of registration information update start conditions;
FIG. 62 is a flowchart showing a registration information update processing procedure;
FIG. 63 is a flowchart showing a registration information update proxy processing procedure by a stationary device.
FIG. 64 is a flowchart showing a registration information update proxy processing procedure by a stationary device;
FIG. 65 is a flowchart showing a secure container transmission processing procedure;
FIG. 66 is a flowchart showing a secure container transmission processing procedure;
FIG. 67 is a flowchart showing the purchase processing procedure of the home server.
FIG. 68 is a flowchart showing a tampering check processing procedure when reading data;
FIG. 69 is a flowchart showing a tampering check processing procedure at the time of data writing;
FIG. 70 is a flowchart showing a falsification check processing procedure at the time of data rewriting.
FIG. 71 is a flowchart showing a tamper check processing procedure when data is deleted;
[Fig. 72] Fig. 72 is a flowchart illustrating a content reproduction processing procedure by the home server.
[Fig. 73] Fig. 73 is a flowchart illustrating a content playback processing procedure by the home server.
FIG. 74 is a flowchart showing a proxy usage processing procedure for content usage rights by the home server.
FIG. 75 is a flowchart showing a content change processing procedure for a purchased user.
FIG. 76 is a schematic diagram showing the contents of a rule part of a handling policy.
FIG. 77 is a schematic diagram showing the contents of a rule part of price information.
FIG. 78 is a schematic diagram illustrating an example of changing the right content;
FIG. 79 is a flowchart showing a content usage right redistribution processing procedure;
FIG. 80 is a flowchart showing a content usage right purchase processing procedure in a stationary device.
FIG. 81 is a schematic diagram showing a transition of a rule part of use permission condition information;
FIG. 82 is a flowchart showing a management transfer right transfer processing procedure;
FIG. 83 is a flowchart showing a management transfer right return processing procedure;
FIG. 84 is a block diagram showing an information transmission system according to the present invention.
FIG. 85 is a block diagram showing an information transmission system according to the present invention.
FIG. 86 is a flowchart showing a remote reproduction processing procedure.
FIG. 87 is a flowchart showing a reservation purchase processing procedure;
FIG. 88 is a flowchart showing a main purchase processing procedure after reservation purchase.
FIG. 89 is a flowchart showing a proxy purchase processing procedure when the home server charges.
FIG. 90 is a flowchart showing a proxy purchase processing procedure when a non-group device charges.
Fig. 91 is a block diagram illustrating a configuration of a recording / reproducing device.
FIG. 92 is a flowchart showing the purchase processing procedure of the recording / reproducing apparatus.
FIG. 93 is a flowchart showing the playback processing procedure of the recording / playback apparatus.
FIG. 94 is a block diagram showing a conventional example.
FIG. 95 is a block diagram showing a configuration of a conventional recording / reproducing apparatus.
[Explanation of symbols]
2 …… Content Provider, 3 …… Service Provider, 10 …… Electronic Music Distribution System, 34 …… Content Encryption Unit, 38, 45 …… Signature Generation Unit, 140 …… Recording / Playback Device, 141 …… Recording for Electronic Distribution Media 150, 190 ... Communication unit 151 ... High-level controller 152, 191 ... Cryptographic processing unit 153 ... Expansion unit 192 ... External memory control unit 193 ... External memory 201 ... Storage module , 210... Decryption unit, 211... Encryption unit.

Claims (7)

In a recording / reproducing system for recording / reproducing content data transmitted from an information transmitting device to a data storage device detachably attached to the recording / reproducing device by the recording / reproducing device,
The information transmitting apparatus is
Content encryption means for encrypting the content data with a content key;
A transmission means for transmitting the content key and the content data encrypted with the content key;
The recording / reproducing apparatus comprises:
A recording / playback side authentication means for mutual authentication with the data storage device and sharing a temporary key with the data storage device;
Receiving means for receiving the content key transmitted from the information transmitting device and the content data encrypted with the content key;
A recording / playback side key encryption means for encrypting the content key received together with the content data encrypted with the content key by the reception means, with the temporary key shared with the data storage device;
During the recording process, the content data encrypted with the content key and the content key encrypted with the temporary key by the recording / playback side key encryption unit are sent to the data storage device to temporarily store the data. The content key encrypted with the key is decrypted with the temporary key, then encrypted with the storage key unique to the data storage device, and the content key encrypted with the storage key is encrypted with the content key. Control is performed so that the encrypted content data is written to a recording medium together with the encrypted content data, or at the time of reproduction processing, the data storage device encrypts the content key encrypted with the storage key from the recording medium and the content key. After the encrypted content data is read and the content key encrypted with the storage key is decrypted with the storage key, Controlled so as to encrypt the key time, and reproduction control means for loading in the temporary key said content key is encrypted, with the encrypted the contents data in the contents key,
Recording / reproduction in which the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the recording / reproduction control means is decrypted with the temporary key shared with the data storage device Side key decryption means,
The data storage device is
The recording medium;
Storage key storage means for storing the storage key;
A data storage side authentication means for mutual authentication with the recording / reproducing apparatus and sharing the temporary key with the recording / reproducing apparatus;
During the recording process, the content key encrypted with the temporary key given together with the content data encrypted with the content key from the recording / reproducing device is decrypted with the temporary key shared with the recording / reproducing device. Data storage side key decryption means to be converted,
A data storage side key encryption unit that encrypts the content key decrypted with the temporary key by the data storage side key decryption unit with the storage key during the recording process;
At the time of the recording process, the content key encrypted with the storage key by the data storage side key encryption unit is written to the recording medium together with the content data encrypted with the content key, or at the time of the reproduction process, Read / write means for reading the content key encrypted with the storage key and the content data encrypted with the content key from the recording medium,
The data storage side key decryption means of the data storage device encrypts the storage key read together with the content data encrypted with the content key from the recording medium by the writing / reading means during the reproduction process. Decrypt the above-mentioned content key with the storage key,
The data storage side key encryption unit of the data storage device is configured to use the temporary key shared with the recording / reproduction device for the content key decrypted with the storage key by the data storage side key decryption unit during the reproduction process. A recording / playback system characterized by encryption using The recording / reproducing apparatus comprises:
During the playback process, the content data encrypted with the content key fetched from the data storage device by the recording / playback control means is decrypted with the temporary key by the recording / playback side key decryption means. 2. The recording / reproducing system according to claim 1, further comprising content decrypting means for decrypting using a key. The data storage device is detachably mounted, and has a playback device for playing back the content data from the data storage device;
The playback device is
Reproducing authentication means for mutual authentication with the data storage device and sharing a temporary key with the data storage device;
During playback processing, the data storage device is read from the recording medium with the content key encrypted with the storage key and the content data encrypted with the content key, and is encrypted with the storage key. The content key encrypted with the content key is controlled by decrypting the content key with the storage key and then encrypting the content key with the temporary key. Playback control means for capturing with data;
A reproduction-side key for decrypting the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the reproduction control means with the temporary key shared with the data storage device A decoding means,
The data storage side authentication means of the data storage device mutually authenticates with the playback device, shares the temporary key with the playback device,
The data storage side key decryption means of the data storage device is the storage key read together with the content data encrypted with the content key from the recording medium by the writing / reading means during the reproduction process. Decrypt the encrypted content key with the storage key,
The data storage side key encryption means of the data storage device encrypts the content key decrypted with the storage key by the data storage side key decryption means with the temporary key shared with the playback device. The recording / reproducing system according to claim 1, wherein: In a recording / reproducing apparatus in which a data storage device having a recording medium is detachably mounted,
Authentication means for mutual authentication with the data storage device and sharing a temporary key with the data storage device;
Content key encryption means for encrypting a content key used for encrypting content data with the temporary key shared with the data storage device;
During the recording process, the content data encrypted with the content key and the content key encrypted with the temporary key by the content key encryption means are sent to the data storage device, and the temporary key is used. After the encrypted content key is decrypted with the temporary key, the content key encrypted with the storage key unique to the data storage device is encrypted with the content key. The content data encrypted with the storage key and the content key encrypted from the recording medium to the data storage device during playback processing are controlled so that the content data is written together with the content data. The content key encrypted with the storage key is decrypted with the storage key and then the content data is read out. Controlled so as to encrypt the key time, and reproduction control means for loading in the temporary key said content key is encrypted, with the encrypted the contents data in the contents key,
During the playback process, the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the recording / playback control means is used with the temporary key shared with the data storage device. A recording / reproducing apparatus comprising: content key decrypting means for decrypting. During the playback process, the content data encrypted with the content key fetched from the data storage device by the recording / playback control unit is used as the content key decrypted with the temporary key by the content key decryption unit. 5. The recording / reproducing apparatus according to claim 4 , further comprising content decrypting means for decrypting the content using the content decrypting means. In a playback device in which a data storage device having a recording medium is detachably mounted,
Authentication means for mutual authentication with the data storage device and sharing a temporary key with the data storage device;
Encrypted with the storage key from the recording medium in which the content data encrypted with the content key and the content key encrypted with the storage key unique to the data storage device are written to the data storage device The content key encrypted with the content key and the content data encrypted with the content key are read out, the content key encrypted with the storage key is decrypted with the storage key, and then encrypted with the temporary key A reproduction control means for controlling the content key encrypted with the temporary key together with the content data encrypted with the content key;
Content key decryption for decrypting the content key encrypted with the temporary key taken together with the content data encrypted with the content key by the reproduction control means with the temporary key shared with the data storage device A playback device comprising: means. In a data storage device that is detachably attached to a recording and / or reproducing device and records and / or reproduces content data under the control of the recording and / or reproducing device.
A recording medium;
Storage key holding means for holding a storage key unique to the data storage device;
Authentication means for mutual authentication with the recording and / or reproducing device and sharing a temporary key with the recording and / or reproducing device;
Communication means for communicating with the recording and / or reproducing device;
When the content data encrypted with the content key transmitted from the recording and playback device and the content key encrypted with the temporary key are received during the recording process, the communication unit receives the content key Content key decrypting means for decrypting the content key encrypted with the temporary key with the temporary key shared with the recording and / or reproducing device;
Content key encryption means for encrypting the content key decrypted with the temporary key by the content key decrypting means with the storage key during the recording process;
During the recording process, the content key encrypted with the storage key by the content key encryption unit is written to the recording medium together with the content data encrypted with the content key, or during the reproduction process, the recording medium From the content key encrypted with the storage key and the writing and reading means for reading the content data encrypted with the content key,
The content key decrypting unit is configured to store the content key encrypted with the storage key read together with the content data encrypted with the content key from the recording medium by the writing / reading unit during the reproduction process. Decrypt with the storage key,
The content key encryption means encrypts the content key decrypted with the storage key by the data storage side key decryption means with the temporary key shared with the recording and / or playback device during the reproduction process,
The communication means transmits the content key encrypted with the temporary key by the content key encryption means together with the content data encrypted with the content key to the recording and / or reproducing apparatus during the reproduction process. A data storage device.

Images